azorult

General

Target

13383a95305773d0defdd99d9d5d555eb72d8bea2265b44f133c56ffbdae2289
Size

1.3MB
Sample

220319-xjebxsgbh4
MD5

7da845a5f52888d10082d83808e57376
SHA1

37761cc45c10940f3c9ab2d6f48ca33deab126e3
SHA256

13383a95305773d0defdd99d9d5d555eb72d8bea2265b44f133c56ffbdae2289
SHA512

a130bf77c66a3f32478a7f7c02fe9c9a628ae68e13aeb52decad3d145c417945d0332dbd722e8795c91554b58a46b0e0fe1896c61b9be770d9ed3a09ce8d3275

Score

10^/10

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Extracted

Family

oski

C2

darkangel.ac.ug

Extracted

Family

raccoon

Version

1.7.1-hotfix

Botnet

1cc7ea34e0c2ffcad2b614bf34887c32c8a79609

Attributes

url4cnc
https://telete.in/brikitiki

rc4.plain

Targets

- Target
  
  13383a95305773d0defdd99d9d5d555eb72d8bea2265b44f133c56ffbdae2289
- Size
  
  1.3MB
- MD5
  
  7da845a5f52888d10082d83808e57376
- SHA1
  
  37761cc45c10940f3c9ab2d6f48ca33deab126e3
- SHA256
  
  13383a95305773d0defdd99d9d5d555eb72d8bea2265b44f133c56ffbdae2289
- SHA512
  
  a130bf77c66a3f32478a7f7c02fe9c9a628ae68e13aeb52decad3d145c417945d0332dbd722e8795c91554b58a46b0e0fe1896c61b9be770d9ed3a09ce8d3275
Score

10^/10

azorult oski raccoon 1cc7ea34e0c2ffcad2b614bf34887c32c8a79609 infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Oski

Raccoon

Raccoon Stealer Payload

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2