General

  • Target

    JaffaCakes118_eeedcdaf8b25d53c4b78de28ea7314e0b4720f1020b2b04a917c24b70e115692

  • Size

    268KB

  • Sample

    241224-qhvh7ayjb1

  • MD5

    49f268a31dfb5c92b1e387e217f79f34

  • SHA1

    94494319b343646181a7ed11a2a2bb88e7a31794

  • SHA256

    eeedcdaf8b25d53c4b78de28ea7314e0b4720f1020b2b04a917c24b70e115692

  • SHA512

    de49caf42d937550d800e1115fc6877b1bb361032cf4f124b51a2e90cd6c4c5cb1234e7b517ae88610ef8fda9a0b9a3570d440aa0fada45d6fb7bdf8bbd4d9d4

  • SSDEEP

    6144:fuK3Fgk1VXoSsJeysJIIP3ZHpGTrdXAFaxg7g/rakT:2K3FgtcysKIP3YhAcT/raQ

Malware Config

Extracted

  • Family

    azorult

  • C2

    http://transcendem.com/loci/index.php

Targets

    • Target

      bed240a72fd5fc81f31342fd9cb218b9563c409b6558f9aa36fd39fc664ab76e

    • Size

      323KB

    • MD5

      f5672c7a7280a2e8fdb120ffed79caf2

    • SHA1

      7979e061ceb6c80edccfd12a62f97c09ff5fa2e0

    • SHA256

      bed240a72fd5fc81f31342fd9cb218b9563c409b6558f9aa36fd39fc664ab76e

    • SHA512

      7b255d2e0cbc0ad80f25095b45fe00364f1e3558606520d8bc06010ad182e716d1f8eefac40ca0f46b8084673e1a56b84b79067d4c8e7a66a9118371461c5a89

    • SSDEEP

      6144:mWFa8AZg+1/CDimsA2uT35TAQ5u6ktookmrNgb:BaASiFjTjP

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Azorult family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks