Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
24-12-2024 16:19
Behavioral task
behavioral1
Sample
JaffaCakes118_087026bf04aa317b734376647d19c68893ccca0bc5b15cabfa3376159dfa7586.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_087026bf04aa317b734376647d19c68893ccca0bc5b15cabfa3376159dfa7586.exe
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_087026bf04aa317b734376647d19c68893ccca0bc5b15cabfa3376159dfa7586.exe
-
Size
112KB
-
MD5
9d739a108a3ca120f28f4cefcc8c5537
-
SHA1
cc427858cbd90adf4dc1ca9ac6c05f3b32a2e54e
-
SHA256
087026bf04aa317b734376647d19c68893ccca0bc5b15cabfa3376159dfa7586
-
SHA512
568a9342d1c48923e256e461bc47c96127ebbcf2a4bee1e49be47da3de2043ea7628c65b470737c48583fd19851b70d6e2fede88837b62e460f7731afb65002e
-
SSDEEP
3072:tuOSXpMx7ZAlHsbfUkolNGti7lfqeSxM3SpyEY3E/mxg/:Zzx7ZApszolIo7lf/ipT/m
Malware Config
Extracted
azorult
http://194.31.98.183/index.php
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Azorult family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language JaffaCakes118_087026bf04aa317b734376647d19c68893ccca0bc5b15cabfa3376159dfa7586.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_087026bf04aa317b734376647d19c68893ccca0bc5b15cabfa3376159dfa7586.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_087026bf04aa317b734376647d19c68893ccca0bc5b15cabfa3376159dfa7586.exe"1⤵
- System Location Discovery: System Language Discovery
PID:2872