General
-
Target
618c78fbf67d014137470a93c49571272e7777ce49ab31ccbf47ec11739ef822.exe
-
Size
2.9MB
-
Sample
211008-pag3fsebg8
-
MD5
b6841e1bdebcb206e38123af2ba3254c
-
SHA1
0e3928f6de38d4b2d0badb245d1516721712b330
-
SHA256
618c78fbf67d014137470a93c49571272e7777ce49ab31ccbf47ec11739ef822
-
SHA512
7d1c3670b8b3a3b911620949816e58103e827f4cd8318dceb1b513591e13485ccc131229709df04daae608b2f83369d90132f49095c0a9043f17e565ece0279d
Static task
static1
Behavioral task
behavioral1
Sample
618c78fbf67d014137470a93c49571272e7777ce49ab31ccbf47ec11739ef822.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
618c78fbf67d014137470a93c49571272e7777ce49ab31ccbf47ec11739ef822.exe
Resource
win10-en-20210920
Malware Config
Extracted
raccoon
1.8.2
728e62b0300799f2a8741c39a71a1543c6759e8d
-
url4cnc
http://teletop.top/brikitiki
http://teleta.top/brikitiki
https://t.me/brikitiki
Extracted
azorult
http://195.245.112.115/index.php
Extracted
oski
scarsa.ac.ug
Targets
-
-
Target
618c78fbf67d014137470a93c49571272e7777ce49ab31ccbf47ec11739ef822.exe
-
Size
2.9MB
-
MD5
b6841e1bdebcb206e38123af2ba3254c
-
SHA1
0e3928f6de38d4b2d0badb245d1516721712b330
-
SHA256
618c78fbf67d014137470a93c49571272e7777ce49ab31ccbf47ec11739ef822
-
SHA512
7d1c3670b8b3a3b911620949816e58103e827f4cd8318dceb1b513591e13485ccc131229709df04daae608b2f83369d90132f49095c0a9043f17e565ece0279d
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-