General

Target: 1d4043e95026d07137c5ea2205fcb854.exe
Size: 1MB
Sample: 211102-r4qmsschf8
MD5: 1d4043e95026d07137c5ea2205fcb854
SHA1: 719bd3259af48728d946ffd535d291a25d6a9eef
SHA256: e688db3d0be7a10fa8ddd79918265cac9ef0949d7d07072f82aff9ae43d6fadb
SHA512: 8150c5a465e2efb4dd887885343695f52d43346e32c8977f836e2238afca2c6492cd8d6d68bd2add61b0c8e34e951583490f7b5108a2b581b6c45de3be2fcc61

Static task: static1

Behavioral task: behavioral1
  Sample: 1d4043e95026d07137c5ea2205fcb854.exe
  Resource: win7-en-20210920

Behavioral task: behavioral2
  Sample: 1d4043e95026d07137c5ea2205fcb854.exe
  Resource: win10-en-20211014

Malware Config

Extracted: raccoon
  32365171a31c4583d6e3b7aad1690e41cefc38eb
  url4cnc:
    http://telegalive.top/brikitiki
    http://toptelete.top/brikitiki
    http://telegraf.top/brikitiki
    https://t.me/brikitiki

Extracted: oski
  colonna.ac.ug

Extracted: azorult
  http://195.245.112.115/index.php
Targets

Target: 1d4043e95026d07137c5ea2205fcb854.exe
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Suspicious use of NtCreateProcessExOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext