General
Target: 1df12c42ef50621d6a80a8a48181fa78.exe
Size: 1012KB
Sample: 211028-24jvcsccf8
MD5: 1df12c42ef50621d6a80a8a48181fa78
SHA1: 9460cc91ae5c6acf8dcdbf57c4ad1f3d3210358d
SHA256: d3abda3195fac1ac78486e29fa82d05a3e3bbcba22aa29191dfc21926e027db7
SHA512: 1b444f653b54d5d47ca0bd93ac5d5ae93a668291ccaa2088e8eb3b4baa339c1f0bf95586dc39dfea8a753adb372040a2100230d810ef6ab837e0aac9671efb7e
Static task: static1
Behavioral task: behavioral1
  Sample: 1df12c42ef50621d6a80a8a48181fa78.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: 1df12c42ef50621d6a80a8a48181fa78.exe
  Resource: win10-en-20210920
Malware Config
Extracted: azorult
  http://195.245.112.115/index.php
Extracted: raccoon
  b76017a227a0d879dec7c76613918569d03892fb
  url4cnc:
    http://telegka.top/brikitiki
    http://telegin.top/brikitiki
    https://t.me/brikitiki
Extracted: oski
  scarsa.ac.ug
Targets
Target: 1df12c42ef50621d6a80a8a48181fa78.exe
Size: 1012KB
- Azorult: An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Suspicious use of NtCreateProcessExOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext