General
-
Target
ed58ffee46a583c177c792b56c9fc20ccd9509d125f2e3fc90c4f48de7e2c2a1
-
Size
1.2MB
-
Sample
211210-qsbttshher
-
MD5
8f1c8b40c7be588389a8d382040b23bb
-
SHA1
bef5209ae90a3bd3171e1e0be4e8148c4ccd8a6a
-
SHA256
ed58ffee46a583c177c792b56c9fc20ccd9509d125f2e3fc90c4f48de7e2c2a1
-
SHA512
9192b6f2f8320a728c445f9cd6e6d66495ad0ebebd7ff193dc09ee8ae57b3933c1b75dc208e7d638db273cb9d31b4ca24ee7bfd9729ff0cdbf432d72bb322b1f
Static task
static1
Behavioral task
behavioral1
Sample
ed58ffee46a583c177c792b56c9fc20ccd9509d125f2e3fc90c4f48de7e2c2a1.exe
Resource
win10-en-20211208
Malware Config
Extracted
azorult
http://195.245.112.115/index.php
Extracted
oski
prepepe.ac.ug
Extracted
raccoon
1.8.3-hotfix
5781468cedb3a203003fdf1f12e72fe98d6f1c0f
-
url4cnc
http://194.180.174.53/brikitiki
http://91.219.236.18/brikitiki
http://194.180.174.41/brikitiki
http://91.219.236.148/brikitiki
https://t.me/brikitiki
Targets
-
-
Target
ed58ffee46a583c177c792b56c9fc20ccd9509d125f2e3fc90c4f48de7e2c2a1
-
Size
1.2MB
-
MD5
8f1c8b40c7be588389a8d382040b23bb
-
SHA1
bef5209ae90a3bd3171e1e0be4e8148c4ccd8a6a
-
SHA256
ed58ffee46a583c177c792b56c9fc20ccd9509d125f2e3fc90c4f48de7e2c2a1
-
SHA512
9192b6f2f8320a728c445f9cd6e6d66495ad0ebebd7ff193dc09ee8ae57b3933c1b75dc208e7d638db273cb9d31b4ca24ee7bfd9729ff0cdbf432d72bb322b1f
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M16
suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M16
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-