General
Target: 76bcbb2aa116aa713dc99159888f457c.exe
Size: 1.2MB
Sample: 201008-hnx7n7mrxx
MD5: 76bcbb2aa116aa713dc99159888f457c
SHA1: 5722b004ae8ad114625dd5d5f04a830c2d2e66c3
SHA256: ce4c9d123144cb01aaa09ecfc34a21b6808c8d891fdd777e3bc8736fc3d877ca
SHA512: cfc17e2fe5d6a25c166cd92e318da425657182fef39dd5dd9e21d844fe795e3c31dba0721891f0d1df7f266fc074f379e56f62f6ac29cccca34464ee89d9d3fa
Static task: static1
Behavioral task: behavioral1
Sample: 76bcbb2aa116aa713dc99159888f457c.exe
Resource: win7
Malware Config
Extracted: oski
    malarcvgs.ac.ug
Extracted: raccoon
    ee3b370277b98939f8098234def6cb188c03591f
    url4cnc: https://telete.in/brikitiki
Extracted: azorult
    http://195.245.112.115/index.php
Targets
Target: 76bcbb2aa116aa713dc99159888f457c.exe
Size: 1.2MB
MD5: 76bcbb2aa116aa713dc99159888f457c
SHA1: 5722b004ae8ad114625dd5d5f04a830c2d2e66c3
SHA256: ce4c9d123144cb01aaa09ecfc34a21b6808c8d891fdd777e3bc8736fc3d877ca
SHA512: cfc17e2fe5d6a25c166cd92e318da425657182fef39dd5dd9e21d844fe795e3c31dba0721891f0d1df7f266fc074f379e56f62f6ac29cccca34464ee89d9d3fa
Azorult
    An information stealer that was first discovered in 2016, targeting browsing history and passwords.
Contains code to disable Windows Defender
    A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
ModiLoader, DBatLoader
    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Downloads MZ/PE file
Executes dropped EXE
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops desktop.ini file(s)
Suspicious use of SetThreadContext