General
-
Target
d90dce4c9b940d6099e1efc55ff514bd
-
Size
1.2MB
-
Sample
211210-sb6c8aghd9
-
MD5
d90dce4c9b940d6099e1efc55ff514bd
-
SHA1
80507bd3142ca4e2136b71fd8e45ce872611e467
-
SHA256
3dc57dcb56f96be6067cb54322ec97aea1724c1ec8084ae7f8b1a71d140352a0
-
SHA512
c534744ab145d2e95d3682427fe5c8356d85f24410f2b8c085517342f5c4cacdf2b1316860d5f4f5d7062abcfb21dd31deb4eedef4fb8765a2c5fb528506e1c0
Static task
static1
Behavioral task
behavioral1
Sample
d90dce4c9b940d6099e1efc55ff514bd.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
d90dce4c9b940d6099e1efc55ff514bd.exe
Resource
win10-en-20211208
Malware Config
Extracted
raccoon
1.8.3-hotfix
5781468cedb3a203003fdf1f12e72fe98d6f1c0f
-
url4cnc
http://194.180.174.53/brikitiki
http://91.219.236.18/brikitiki
http://194.180.174.41/brikitiki
http://91.219.236.148/brikitiki
https://t.me/brikitiki
Extracted
oski
prepepe.ac.ug
Extracted
azorult
http://195.245.112.115/index.php
Targets
-
-
Target
d90dce4c9b940d6099e1efc55ff514bd
-
Size
1.2MB
-
MD5
d90dce4c9b940d6099e1efc55ff514bd
-
SHA1
80507bd3142ca4e2136b71fd8e45ce872611e467
-
SHA256
3dc57dcb56f96be6067cb54322ec97aea1724c1ec8084ae7f8b1a71d140352a0
-
SHA512
c534744ab145d2e95d3682427fe5c8356d85f24410f2b8c085517342f5c4cacdf2b1316860d5f4f5d7062abcfb21dd31deb4eedef4fb8765a2c5fb528506e1c0
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-