General
-
Target
0ef5824f270cd5f0677a4b4dfccfcf7a.exe
-
Size
999KB
-
Sample
210430-6crg28tzfx
-
MD5
0ef5824f270cd5f0677a4b4dfccfcf7a
-
SHA1
7a08ec428f1cee638735440b932e7d9a202d3bcb
-
SHA256
9528962252a217d88d24e372be0b977639c7d00f6777687adec8054eb8480784
-
SHA512
ea9cbfa85ca522f822bcff152afa6a6a1f8c2ae8e91459f105d6f5e4eb53848c696fb2ec756241738fba5d9195972b9c7fecb3073708319af2c27cced0eb709b
Static task
static1
Behavioral task
behavioral1
Sample
0ef5824f270cd5f0677a4b4dfccfcf7a.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
0ef5824f270cd5f0677a4b4dfccfcf7a.exe
Resource
win10v20210408
Malware Config
Extracted
raccoon
67a1a4d96e0af06ab629d8d5c048c516a37dbc35
-
url4cnc
https://tttttt.me/brikitiki
Extracted
azorult
http://195.245.112.115/index.php
Extracted
oski
malcacnba.ac.ug
Targets
-
-
Target
0ef5824f270cd5f0677a4b4dfccfcf7a.exe
-
Size
999KB
-
MD5
0ef5824f270cd5f0677a4b4dfccfcf7a
-
SHA1
7a08ec428f1cee638735440b932e7d9a202d3bcb
-
SHA256
9528962252a217d88d24e372be0b977639c7d00f6777687adec8054eb8480784
-
SHA512
ea9cbfa85ca522f822bcff152afa6a6a1f8c2ae8e91459f105d6f5e4eb53848c696fb2ec756241738fba5d9195972b9c7fecb3073708319af2c27cced0eb709b
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Async RAT payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-