General
-
Target
0ef5824f270cd5f0677a4b4dfccfcf7a.exe
-
Size
999KB
-
Sample
210430-m2aqp17rpn
-
MD5
0ef5824f270cd5f0677a4b4dfccfcf7a
-
SHA1
7a08ec428f1cee638735440b932e7d9a202d3bcb
-
SHA256
9528962252a217d88d24e372be0b977639c7d00f6777687adec8054eb8480784
-
SHA512
ea9cbfa85ca522f822bcff152afa6a6a1f8c2ae8e91459f105d6f5e4eb53848c696fb2ec756241738fba5d9195972b9c7fecb3073708319af2c27cced0eb709b
Static task
static1
Behavioral task
behavioral1
Sample
0ef5824f270cd5f0677a4b4dfccfcf7a.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
0ef5824f270cd5f0677a4b4dfccfcf7a.exe
Resource
win10v20210408
Malware Config
Extracted
raccoon
67a1a4d96e0af06ab629d8d5c048c516a37dbc35
-
url4cnc
https://tttttt.me/brikitiki
Extracted
azorult
http://195.245.112.115/index.php
Extracted
asyncrat
0.5.7B
icando.ug:6970
icacxndo.ac.ug:6970
6SI8OkPnkxzcasd
-
aes_key
rkDO6u9Rg2tQZ5crWRxI7ttwjOqPWDog
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
XX
-
host
icando.ug,icacxndo.ac.ug
-
hwid
3
- install_file
-
install_folder
%AppData%
-
mutex
6SI8OkPnkxzcasd
-
pastebin_config
null
-
port
6970
-
version
0.5.7B
Targets
-
-
Target
0ef5824f270cd5f0677a4b4dfccfcf7a.exe
-
Size
999KB
-
MD5
0ef5824f270cd5f0677a4b4dfccfcf7a
-
SHA1
7a08ec428f1cee638735440b932e7d9a202d3bcb
-
SHA256
9528962252a217d88d24e372be0b977639c7d00f6777687adec8054eb8480784
-
SHA512
ea9cbfa85ca522f822bcff152afa6a6a1f8c2ae8e91459f105d6f5e4eb53848c696fb2ec756241738fba5d9195972b9c7fecb3073708319af2c27cced0eb709b
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Async RAT payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-