azorult | ed9d96725b88ce0a3caee6d98c11369fb84a1d7eca3847db66abe63c49955f73 | Triage

Submit
Reports

Overview

overview

Static

static

501b75d8db...48.exe

windows7_x64

501b75d8db...48.exe

windows10_x64

Sharing

General

Target

501b75d8dbd7438757d5c35406d61e48.exe
Size

734KB
Sample

201009-p8t9ndbze2
MD5

501b75d8dbd7438757d5c35406d61e48
SHA1

abec9aaa87c6fcecddbeee721835ad1fd7aa39fe
SHA256

ed9d96725b88ce0a3caee6d98c11369fb84a1d7eca3847db66abe63c49955f73
SHA512

d2e7558d0b89df1cae8556c2321e83c706a6f177a31ddcb346d347ba3736d60ea4be0d9e897819f1d0855cbd79c3a7f475a634370691fc8da256f7fe804d57b8

Score

10^/10

azorult oski raccoon ee3b370277b98939f8098234def6cb188c03591f discovery infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

501b75d8dbd7438757d5c35406d61e48.exe

Resource

win7

azorult oski raccoon ee3b370277b98939f8098234def6cb188c03591f discovery infostealer spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

501b75d8dbd7438757d5c35406d61e48.exe

Resource

win10v200722

azorult oski raccoon ee3b370277b98939f8098234def6cb188c03591f discovery infostealer spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

ee3b370277b98939f8098234def6cb188c03591f

Attributes

url4cnc
https://telete.in/brikitiki

rc4.plain

rc4.plain

Extracted

Family

oski

C2

letitburns.ug

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

- Target
  
  501b75d8dbd7438757d5c35406d61e48.exe
- Size
  
  734KB
- MD5
  
  501b75d8dbd7438757d5c35406d61e48
- SHA1
  
  abec9aaa87c6fcecddbeee721835ad1fd7aa39fe
- SHA256
  
  ed9d96725b88ce0a3caee6d98c11369fb84a1d7eca3847db66abe63c49955f73
- SHA512
  
  d2e7558d0b89df1cae8556c2321e83c706a6f177a31ddcb346d347ba3736d60ea4be0d9e897819f1d0855cbd79c3a7f475a634370691fc8da256f7fe804d57b8
Score

10^/10

azorult oski raccoon ee3b370277b98939f8098234def6cb188c03591f discovery infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

azorultoskiraccoonee3b370277b98939f8098234def6cb188c03591fdiscoveryinfostealerspywarestealertrojan

behavioral2

azorultoskiraccoonee3b370277b98939f8098234def6cb188c03591fdiscoveryinfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy