34a27a9beb4f68668a75967b9ea609dd2a958b29c66b70e0bd8e69bc5456fedb.exe

General

Target: 34a27a9beb4f68668a75967b9ea609dd2a958b29c66b70e0bd8e69bc5456fedb.exe
Size: 667KB
Sample: 201112-6rs9rfsesa
Score: 10/10
MD5: a7bb277ebea155081e10479495249ad7
SHA1: 47b8964f0904bd37997d8d8580fcf08fc76b98d1
SHA256: 34a27a9beb4f68668a75967b9ea609dd2a958b29c66b70e0bd8e69bc5456fedb
SHA512: c53f9f3e654b963cf61c2112f4470809c582994235eb16ffd4f2edf7b68f16b3ee65622b0dfae2aed8e4f0859b320d48ac5e7a5268b0f3b51dc97197e8b96701

Malware Config

Extracted
Family: azorult
C2: http://195.245.112.115/index.php

Extracted
Family: oski
C2: morasergiov.ac.ug


Signatures

  • Azorult
    Description: An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Oski
    Description: Oski is an infostealer targeting browser data and crypto wallets.

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation