azorult

Resubmissions

25-06-2021 19:15

210625-s7px2e1ylj 10

17-01-2021 18:16

210117-4q77zkpy6a 10

17-01-2021 18:07

210117-fnx6sxj5es 10

14-01-2021 22:32

210114-n63wfq34e6 10

Sharing

Copy URL

Twitter E-mail

General

Target

Myrondscsesfscses777.exe
Size

1.3MB
Sample

210114-n63wfq34e6
MD5

1ddf556a4abb7bebcb0307188342d4ab
SHA1

a7bf13043b96982af855e2742fe82b004b629bfb
SHA256

5db96b0ee43594af4cde84cec550269e66d311cfa59d63095a00c0b9d5e40f4b
SHA512

866e1591477cdbc057e800ce618776dd75656611e040a601de9cec8765a06a2dad21d5ffb924cbce290b0f84aa92569378a6578b323fdc3aab622a94169072d1

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

311be0bee3a0be24f3cf9135a2ea0dd269c9c675

Attributes

url4cnc
https://telete.in/brikitiki

rc4.plain

Extracted

Family

azorult

http://195.245.112.115/index.php

Extracted

Family

oski

regay.ac.ug

Targets

- Target
  
  Myrondscsesfscses777.exe
- Size
  
  1.3MB
- MD5
  
  1ddf556a4abb7bebcb0307188342d4ab
- SHA1
  
  a7bf13043b96982af855e2742fe82b004b629bfb
- SHA256
  
  5db96b0ee43594af4cde84cec550269e66d311cfa59d63095a00c0b9d5e40f4b
- SHA512
  
  866e1591477cdbc057e800ce618776dd75656611e040a601de9cec8765a06a2dad21d5ffb924cbce290b0f84aa92569378a6578b323fdc3aab622a94169072d1
Score

10^/10

azorult oski raccoon 311be0bee3a0be24f3cf9135a2ea0dd269c9c675 discovery infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Oski

Raccoon

Suspicious use of NtCreateProcessExOtherParentProcess

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2