azorult

General

Target

020824e5aa9ecb744b1b94bd855a8f3a.exe
Size

1.2MB
Sample

210819-jm557lweca
MD5

020824e5aa9ecb744b1b94bd855a8f3a
SHA1

d6082fcfcfa6e7f1d719c2c02a3e761e46d48004
SHA256

d0b7a458e09fd14ae8476200bd5acf2fc93ea0e2fea357079a88df80e720c23d
SHA512

d30c70279155b33f0c46e11ca4c591f00caf1574a0a02a7875226f0fea0b09327685ab2b6a52fa216d01032c362b2f119bea8aa4cbae0717e687a43eacbe8a33

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

c81fb6015c832710f869f6911e1aec18747e0184

Attributes

url4cnc
https://telete.in/brikitiki

rc4.plain

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Extracted

Family

oski

C2

hsagoi.ac.ug

Targets

- Target
  
  020824e5aa9ecb744b1b94bd855a8f3a.exe
- Size
  
  1.2MB
- MD5
  
  020824e5aa9ecb744b1b94bd855a8f3a
- SHA1
  
  d6082fcfcfa6e7f1d719c2c02a3e761e46d48004
- SHA256
  
  d0b7a458e09fd14ae8476200bd5acf2fc93ea0e2fea357079a88df80e720c23d
- SHA512
  
  d30c70279155b33f0c46e11ca4c591f00caf1574a0a02a7875226f0fea0b09327685ab2b6a52fa216d01032c362b2f119bea8aa4cbae0717e687a43eacbe8a33
Score

10^/10

azorult oski raccoon c81fb6015c832710f869f6911e1aec18747e0184 discovery infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2