General
Target: 0b7410c41dd49a7a43487fa0e56f5b336951609e67b873d5cdd70632a954b4a8.exe
Size: 512KB
Sample: 220210-aepwjabhf2
MD5: 1fdf9b9ac3b1b74a73f0dfdbdbd99827
SHA1: 4fca8630117e276b664de8e75a0c6ae3ed5ad48e
SHA256: 0b7410c41dd49a7a43487fa0e56f5b336951609e67b873d5cdd70632a954b4a8
SHA512: 53c3d9c915c1777788dd30d2c062d433339f42adb8191fcf883aeb69a244f67f38ecf6cad3bbe9a1fd38b138e7d1847209d116781a5f3c21e5dd724e50daff6d
Static task: static1
Behavioral task: behavioral1
  Sample: 0b7410c41dd49a7a43487fa0e56f5b336951609e67b873d5cdd70632a954b4a8.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 0b7410c41dd49a7a43487fa0e56f5b336951609e67b873d5cdd70632a954b4a8.exe
  Resource: win10v2004-en-20220112
Malware Config
Extracted: azorult
  http://195.245.112.115/index.php
Extracted: oski
  pretorian.ug
Extracted: raccoon
  125d9f8ed76e486f6563be097a710bd4cba7f7f2
  url4cnc:
    http://5.252.178.180/brikitiki
    https://t.me/brikitiki
Targets
Target: 0b7410c41dd49a7a43487fa0e56f5b336951609e67b873d5cdd70632a954b4a8.exe
- Azorult: An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Suspicious use of NtCreateProcessExOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext