General
- Target: 9D227EB3F4FF27C39D61130FAE6458B06A33EE315A6E2.exe
- Size: 1.0MB
- Sample: 220206-kfcbyahabq
- MD5: 253732efc73b152f1f2d496413ed232c
- SHA1: 9d7d404930cf891bf54a034bf9c9f943e42fba14
- SHA256: 9d227eb3f4ff27c39d61130fae6458b06a33ee315a6e2a8fd84afe08d49ce553
- SHA512: a57e998e52e961056f84160a00dd60f2f8f8715f9f69d5fce9845367ce53560848152bf074a801ed46c1f0cb8ff071b9f5bb630de9045febac77168b3badff6f
Static task: static1
Behavioral task: behavioral1
- Sample: 9D227EB3F4FF27C39D61130FAE6458B06A33EE315A6E2.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: 9D227EB3F4FF27C39D61130FAE6458B06A33EE315A6E2.exe
- Resource: win10v2004-en-20220113
Malware Config
Extracted: azorult
- http://195.245.112.115/index.php
Extracted: oski
- pretorian.ug
Extracted: raccoon
- 125d9f8ed76e486f6563be097a710bd4cba7f7f2
- url4cnc: http://5.252.178.180/brikitiki
- url4cnc: https://t.me/brikitiki
Targets
- Target: 9D227EB3F4FF27C39D61130FAE6458B06A33EE315A6E2.exe (size and hashes as listed under General above)
- Azorult: an information stealer that was first discovered in 2016, targeting browsing history and passwords.
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6
- suricata: ET MALWARE Win32/AZORult V3.3 Client Checkin M5
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext