General
-
Target
dcf6b06a2d2848e904d07139803037bc.exe
-
Size
1.3MB
-
Sample
201009-kmpzm78qgn
-
MD5
dcf6b06a2d2848e904d07139803037bc
-
SHA1
f6ffc921601f7591e0ddcba23ec39ea21b644623
-
SHA256
033dd7d02172855d2e61e1dcfae24bdeb9136310503e06bf7079ef78db9422ae
-
SHA512
f6c5062cc895701e0832f7401d19c276cd2f6cb824c06394c7c4af25be65fbf116599f115f0829cb42ab7a13267e503bf0ab5d829bd013cd3c072217bc30b512
Malware Config
Extracted
azorult
http://195.245.112.115/index.php
Extracted
oski
letitburns.ug
Extracted
raccoon
ee3b370277b98939f8098234def6cb188c03591f
-
url4cnc
https://telete.in/brikitiki
Targets
-
-
Target
dcf6b06a2d2848e904d07139803037bc.exe
-
Size
1.3MB
-
MD5
dcf6b06a2d2848e904d07139803037bc
-
SHA1
f6ffc921601f7591e0ddcba23ec39ea21b644623
-
SHA256
033dd7d02172855d2e61e1dcfae24bdeb9136310503e06bf7079ef78db9422ae
-
SHA512
f6c5062cc895701e0832f7401d19c276cd2f6cb824c06394c7c4af25be65fbf116599f115f0829cb42ab7a13267e503bf0ab5d829bd013cd3c072217bc30b512
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-