azorult

General

Target

0ce50d28a6ef0d3641e6088908ff42cc0bd900cf3aec5d31dea71faf8fd075b6
Size

1.3MB
Sample

220427-q8y93acbap
MD5

702bd9050b3fef0baaa3f3cc9b7f22dc
SHA1

c6856ab545f8d7602808a75e86c7d0b85018aba1
SHA256

0ce50d28a6ef0d3641e6088908ff42cc0bd900cf3aec5d31dea71faf8fd075b6
SHA512

8ae70e6d6a307161fae72e7fdf212b2823199acae4e322adcd229b3cf1c3766a2ee3f8a38c9e6fdbdba9c0bdde0365d975c04eb539d6500f0daec77f4eceaa52

Score

10^/10

Malware Config

Extracted

Family

raccoon

Version

1.7.1-hotfix

Botnet

c6f4c67877b4427c759f396ca4c1dff4761d3cc9

Attributes

url4cnc
https://telete.in/brikitiki

rc4.plain

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Extracted

Family

oski

C2

morasergiov.ac.ug

Targets

- Target
  
  0ce50d28a6ef0d3641e6088908ff42cc0bd900cf3aec5d31dea71faf8fd075b6
- Size
  
  1.3MB
- MD5
  
  702bd9050b3fef0baaa3f3cc9b7f22dc
- SHA1
  
  c6856ab545f8d7602808a75e86c7d0b85018aba1
- SHA256
  
  0ce50d28a6ef0d3641e6088908ff42cc0bd900cf3aec5d31dea71faf8fd075b6
- SHA512
  
  8ae70e6d6a307161fae72e7fdf212b2823199acae4e322adcd229b3cf1c3766a2ee3f8a38c9e6fdbdba9c0bdde0365d975c04eb539d6500f0daec77f4eceaa52
Score

10^/10

azorult oski raccoon c6f4c67877b4427c759f396ca4c1dff4761d3cc9 infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Oski

Raccoon

Raccoon Stealer Payload

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2