General
- Target: 256a1a52b691f3564d7ceaa9f6a1eaf4.exe
- Size: 968KB
- Sample: 211008-nmqppaead2
- MD5: 256a1a52b691f3564d7ceaa9f6a1eaf4
- SHA1: e99774740b4d1076c3fd0f686274d678cda1a2b6
- SHA256: 1748b08304d248899ba482858932847ed7b07258edc30ade300a021a622b10be
- SHA512: 3fbb04676efd116cfd0940ed80183e31644f96bb77b149cd2d6c2b9a4b81544ad54ef5a58c0673fc572b23ee6873f01af966539ec485b18b20c52b9a092f0cc2
Static task: static1
Behavioral task: behavioral1
  Sample: 256a1a52b691f3564d7ceaa9f6a1eaf4.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: 256a1a52b691f3564d7ceaa9f6a1eaf4.exe
  Resource: win10-en-20210920
Malware Config
Extracted: azorult
  http://195.245.112.115/index.php
Extracted: raccoon
  1.8.2
  728e62b0300799f2a8741c39a71a1543c6759e8d
  - url4cnc:
    http://teletop.top/brikitiki
    http://teleta.top/brikitiki
    https://t.me/brikitiki
Extracted: oski
  scarsa.ac.ug
Targets
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext