General
-
Target
3df00736cd98aedc6145d6163a1cf28117c4402736e004d574c3fb3a7f036357.exe
-
Size
706KB
-
Sample
210102-675tjns6sx
-
MD5
170faeb45ecbd3499349403e53573a5f
-
SHA1
db9b93e719fb25b9621930ad03581b8ff0bf418f
-
SHA256
3df00736cd98aedc6145d6163a1cf28117c4402736e004d574c3fb3a7f036357
-
SHA512
a23f9e1d0f09a979e8b7abacbb3b1fa320e2598b399ac6e9e831845dec1151fa5640f4dd376736f334517de675f6b6e9117e151371d58f7fbaeb85d24a64c8ff
Malware Config
Extracted
azorult
http://195.245.112.115/index.php
Extracted
oski
malscxa.ac.ug
Targets
-
-
Target
3df00736cd98aedc6145d6163a1cf28117c4402736e004d574c3fb3a7f036357.exe
-
Size
706KB
-
MD5
170faeb45ecbd3499349403e53573a5f
-
SHA1
db9b93e719fb25b9621930ad03581b8ff0bf418f
-
SHA256
3df00736cd98aedc6145d6163a1cf28117c4402736e004d574c3fb3a7f036357
-
SHA512
a23f9e1d0f09a979e8b7abacbb3b1fa320e2598b399ac6e9e831845dec1151fa5640f4dd376736f334517de675f6b6e9117e151371d58f7fbaeb85d24a64c8ff
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-