Description
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe
General
Target
Size
Sample
0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe
355KB
201119-zsmyyy1rea
Score
10 /10
MD5
SHA1
SHA256
SHA512
b403152a9d1a6e02be9952ff3ea10214
74fc4148f9f2979a0ec88ffa613c2147c4d5e7e5
0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51
0ac24ef826ae66bbba8bd5de70cb491d765ae33659452da97605701b3a39a33933f9d2795af1e8a8615cc99ae755fccc61fc44737122067eb05d7b1c435a4ec8
Malware Config
Extracted
| Family | azorult |
| C2 |
http://195.245.112.115/index.php |
Targets
Target
MD5
Filesize
0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe
b403152a9d1a6e02be9952ff3ea10214
355KB
Score
10 /10
SHA1
SHA256
SHA512
74fc4148f9f2979a0ec88ffa613c2147c4d5e7e5
0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51
0ac24ef826ae66bbba8bd5de70cb491d765ae33659452da97605701b3a39a33933f9d2795af1e8a8615cc99ae755fccc61fc44737122067eb05d7b1c435a4ec8
Tags
Signatures
-
Azorult
-
Oski
Description
Oski is an infostealer targeting browser data, crypto wallets.
Tags
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags
TTPs
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
-
JavaScript code in executable
-
Modifies service
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks