azorult

General

Target

0ac984f49c3f93fb22fba1f742e7c61d.exe
Size

892KB
Sample

200624-kdmnvgkal2
MD5

0ac984f49c3f93fb22fba1f742e7c61d
SHA1

74af1a941eb1f99a8112e2978194f5e6618549d0
SHA256

6fa66f7851bea577cc6adfda11d3225a69b7c6554f028851eddd4d23ea074a59
SHA512

86cf89c999a23f714d834a589fef3bbdf1634bd6356db3582e02a1dcc8e32f2d888aa9898c26f30dafba93c72d064a99bc9b7c5ec9efd7b2c3dd6ec2a0799ab6

Score

10^/10

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Extracted

Family

oski

C2

corinthiano.ug

Extracted

Family

raccoon

Botnet

4320d8bbff1d6d308fddc660016aa8623ee9fec1

Attributes

url4cnc
https://telete.in/jrikitiki

rc4.plain

Targets

- Target
  
  0ac984f49c3f93fb22fba1f742e7c61d.exe
- Size
  
  892KB
- MD5
  
  0ac984f49c3f93fb22fba1f742e7c61d
- SHA1
  
  74af1a941eb1f99a8112e2978194f5e6618549d0
- SHA256
  
  6fa66f7851bea577cc6adfda11d3225a69b7c6554f028851eddd4d23ea074a59
- SHA512
  
  86cf89c999a23f714d834a589fef3bbdf1634bd6356db3582e02a1dcc8e32f2d888aa9898c26f30dafba93c72d064a99bc9b7c5ec9efd7b2c3dd6ec2a0799ab6
Score

10^/10

azorult oski infostealer spyware stealer trojan raccoon 4320d8bbff1d6d308fddc660016aa8623ee9fec1
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Oski

Raccoon

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2