General

  • Target

    SecuriteInfo.com.Malware.8024

  • Size

    377KB

  • Sample

    200624-blw2v958ns

  • MD5

    9260c46081a7cd2e76665c9deb72e70b

  • SHA1

    bc2ec093230801662aa9c80d8dbc44ee58f0bf15

  • SHA256

    682be0853ccd6f60deb69d27941a628758c4e13e7d2e6ee95a95f415f3a9f0c6

  • SHA512

    69cc48697dfda865d98a99c41f97c13d9d1fb091969ee064a5719735b4714dc2b5ecb7c59339684c69321c4124f843ff04c8d7dcfb77711c070a26eda52aeae9

Malware Config

Extracted

  • Family

    oski

  • C2

    ademg.ug

Extracted

  • Family

    azorult

  • C2

    http://195.245.112.115/index.php

Extracted

  • Family

    raccoon

  • Botnet

    ad27fba1502405da37198363b1a8548a7796684b

  • Attributes

    • url4cnc

      https://telete.in/jrikitiki

    • rc4.plain

Targets

    • Target

      SecuriteInfo.com.Malware.8024

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Oski

      Oski is an infostealer targeting browser data and cryptocurrency wallets.

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • ModiLoader First Stage

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks