Extracted

Extracted

• • Target

    G019 & G022 SPEC SHEET.exe

  • Size

    245KB

  • MD5

    c91aa9b71b9c9e496f38e13de6b56211

  • SHA1

    8d405cb844a222c632009435cbf7ab3aa82e09d5

  • SHA256

    f03142ed5b5aa4e86483adfb17f5983ae83a61bc20d074d9aa84713ba4779ca4

  • SHA512

    3725e35661e71b01ea5da974c6358754ae7d4d84e608e7ce541182da65d6d1aed2c8d7dc91970a2e9ef89f8505037721ddf858dc9233192ec3317b5ab8c70f7b

  Score

  10^/10

  azorultoskidiscoveryinfostealerspywarestealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2