Extracted

Extracted

• • Target

    JaffaCakes118_1597ffd4b1262d1d25f34f0de7aed129

  • Size

    598KB

  • MD5

    1597ffd4b1262d1d25f34f0de7aed129

  • SHA1

    936fcc97ca39f39aaa05635b95da5a7698785546

  • SHA256

    f659031b488c5c105016d60cfc9da09ea0a68f43b957e8b264461e75bcbf6f4b

  • SHA512

    29b611766ee35dbf286a71462d845f54897b21c583e24eeb4cbcf5bc387f2468d0ebdb1712f6fc54b3a122d2a1fec122f7c9af7faeda31e6e0625cdff77d9dad

  • SSDEEP

    12288:FSfa9ALNWgoeJWD8YX+l9q2xyjiXsCIHJrOiv3QfYXge8ERosA:FSCCVWoQ+kZCaTuYX3u

  Score

  10^/10

  azorultoskidiscoveryinfostealerspywarestealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Azorult family

    azorult

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski

  • Oski family

    oski

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2