General

  • Target: JaffaCakes118_ac42914399db13a328f06ea04560121ce1482e587b5c6952d2383ab61371f3f0
  • Size: 945KB
  • Sample: 241222-jw8veaznhv
  • MD5: 62e409df54f42f1d9ff781fa9b128995
  • SHA1: af3a71ec59f03be476ea052a5adf41944e88653a
  • SHA256: ac42914399db13a328f06ea04560121ce1482e587b5c6952d2383ab61371f3f0
  • SHA512: b97dc118c5a23ec44d4a586f2f94b8c9ecc81487136e7ff6d482d6e48c6f7c57070698f707d729f3af587b4037efd1d24444dd98ff278a8dca842acd60aabfe8
  • SSDEEP: 24576:W4Hk9c1BvbCCDJimUUVbH3rGJNFjjuEbOm05Nfog:W4HkuBvbbBVD3arlh05Rb

Malware Config

Extracted

  • Family: azorult
  • C2: http://treasurerauditor.com/temp/oka/index.php

Targets

    • Target: fe3b01680d6af2bf9852a095d114071b406e23e8ce0e4ad10b596fd8c6038315
    • Size: 1.1MB
    • MD5: 91e00dfab0a4c96a3eb89ea38eff74c4
    • SHA1: 36437c1ce663d7d812d3904d2af22ff38b2b215a
    • SHA256: fe3b01680d6af2bf9852a095d114071b406e23e8ce0e4ad10b596fd8c6038315
    • SHA512: 346e6fc00f672c115289336f737d3833549116ad06c095960324b204b9a778ff40cb6d156918142b64d2565e971dd9f206927b74f73aeed84de869936a37de30
    • SSDEEP: 24576:wjsyKjksSkssz+zuNAkoo6bquPATy8jh8N6Z9UnIZs:wj/K5zEu3//u8+N6Z9UnIK

    • Azorult

      An information stealer, first discovered in 2016, that targets browsing history and passwords.

    • Azorult family

    • CustAttr .NET packer

      Detects the CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks