azorult

General

Target

1EB39C14ABCAC667CA35CF294BFDA8AC6282B93028D83.exe
Size

441KB
Sample

210830-7xd91hmw9x
MD5

9ecf4d06241c3f09c06ca879261d43fa
SHA1

961267a60529e5fa8cf5186386563afc634ef615
SHA256

1eb39c14abcac667ca35cf294bfda8ac6282b93028d830f1665afa2a87cff4ef
SHA512

2e6b863ed9f4d75c8d87f52f84ff4f6814a7eb9852d6d9c5daffb0202757d01eeb96ab25c71fd87e9e988fd8a3a803e7188919c23161ff70b8a713d7b92258f6

Score

10^/10

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Extracted

Family

oski

C2

hsagoi.ac.ug

Extracted

Family

raccoon

Botnet

c81fb6015c832710f869f6911e1aec18747e0184

Attributes

url4cnc
https://telete.in/brikitiki

rc4.plain

Targets

- Target
  
  1EB39C14ABCAC667CA35CF294BFDA8AC6282B93028D83.exe
- Size
  
  441KB
- MD5
  
  9ecf4d06241c3f09c06ca879261d43fa
- SHA1
  
  961267a60529e5fa8cf5186386563afc634ef615
- SHA256
  
  1eb39c14abcac667ca35cf294bfda8ac6282b93028d830f1665afa2a87cff4ef
- SHA512
  
  2e6b863ed9f4d75c8d87f52f84ff4f6814a7eb9852d6d9c5daffb0202757d01eeb96ab25c71fd87e9e988fd8a3a803e7188919c23161ff70b8a713d7b92258f6
Score

10^/10

azorult oski raccoon c81fb6015c832710f869f6911e1aec18747e0184 discovery infostealer spyware stealer suricata trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
  suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
  suricata
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
  suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
  suricata
- suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M18
  suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M18
  suricata
- suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M3
  suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M3
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2