General

  • Target

    JaffaCakes118_6f652c4c134782a16323907cdf41a6611e31ccd3ee2f41c08d4602c3ef33cb9a

  • Size

    745KB

  • Sample

    241228-3ekk2avqcm

  • MD5

    9f655bc01f56249a9b1932124a537c12

  • SHA1

    386530fe6825f9be2bf951c142707c324091c111

  • SHA256

    6f652c4c134782a16323907cdf41a6611e31ccd3ee2f41c08d4602c3ef33cb9a

  • SHA512

    8dc5637e580be1c3884f925d7404072c61438e4820ff86029bd40a0b1a4b583df3d209d2ad7d51f20f06f9bcf7ac0952f62fb230161378cba22de0001e986a9c

  • SSDEEP

    12288:UKDfrRmZHm7OVuB2exwpbWIgGxULtp3Wx02nne1XsaoR8Cm4Dm0Gh96ynj0NjwfR:7b1eZVQBxiJxuH3c0N1XsaoiQm3V5R

Malware Config

Extracted

Family

azorult

C2

http://idealindustries.us/index.php

Targets

    • Target

      65360ab6d872b28fa7eaa9c51d792dbe3ffb357ca60ccd5b93d99311af6df1f8

    • Size

      1.1MB

    • MD5

      22df9610f8c80b66ae84610c745cad8b

    • SHA1

      24fcdee4312f6129066f0a59fea54866757f468e

    • SHA256

      65360ab6d872b28fa7eaa9c51d792dbe3ffb357ca60ccd5b93d99311af6df1f8

    • SHA512

      e64e7e5f6b84bd57d6c0ee6d2a289ea99b186b1dd0353a5b0981ee8e7ee9c308fb8ac42553adca53637395d5208e09f4202c5236c40f235ac3e02181c87e9851

    • SSDEEP

      24576:tAHnh+eWsN3skA4RV1Hom2KXMmHawpSEUlMcQtbM5:Mh+ZkldoPK8YawUE+d

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Azorult family

    • Checks computer location settings

Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks