General
-
Target
e9909c77bc763fd20edbfbd3b4ad1306399d365312ea50eb45079a4f54afc0e2
-
Size
736KB
-
Sample
220501-3s8vsabdgp
-
MD5
1f76254f98b1ce3e145e72de250b6b01
-
SHA1
2f7170a01be8b4638b9b869758d7b34a49306c14
-
SHA256
e9909c77bc763fd20edbfbd3b4ad1306399d365312ea50eb45079a4f54afc0e2
-
SHA512
f4e1640018e7cc8994ac917a3208a1c3b7152c373182c9fe62cc7a7b73ecc81c470039530122c52e8b1f3386de0c3165d61be3188f409d72ce86511421b2b289
Malware Config
Extracted
raccoon
cf43f57ef5d1c064538f5f9d27891dc66c96dad8
-
url4cnc
https://telete.in/brikitiki
Extracted
oski
nadia.ac.ug
Extracted
azorult
http://195.245.112.115/index.php
Targets
-
-
Target
e9909c77bc763fd20edbfbd3b4ad1306399d365312ea50eb45079a4f54afc0e2
-
Size
736KB
-
MD5
1f76254f98b1ce3e145e72de250b6b01
-
SHA1
2f7170a01be8b4638b9b869758d7b34a49306c14
-
SHA256
e9909c77bc763fd20edbfbd3b4ad1306399d365312ea50eb45079a4f54afc0e2
-
SHA512
f4e1640018e7cc8994ac917a3208a1c3b7152c373182c9fe62cc7a7b73ecc81c470039530122c52e8b1f3386de0c3165d61be3188f409d72ce86511421b2b289
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Raccoon Stealer Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-