General

  • Target: fccc12ba866c71644e8d877c8780ee0ba0178c1712b3c05f957f90f59de6d493
  • Size: 1.0MB
  • Sample: 220515-z61vjsfgc9
  • MD5: 1d14c938c3dc37a1e53ffa556b22d177
  • SHA1: d212b0d999e33da5994d3966e4bcbb369b1c7289
  • SHA256: fccc12ba866c71644e8d877c8780ee0ba0178c1712b3c05f957f90f59de6d493
  • SHA512: 816370cd07c7c04fd6a113c2ebb8fa878d7b4df186101e5bd337bc1f931c292d9d72c7cd6c2895c17be612c79d5ab5a56a848407a8072a25f2817f98c1bac176

Malware Config

Extracted

  • Family: raccoon
  • Botnet: d58ee081e4d259676e5c18189c82f5356e64ec30
  • Attributes
    • url4cnc: https://telete.in/brikitiki
    • rc4.plain

Extracted

  • Family: azorult
  • C2: http://195.245.112.115/index.php

Extracted

  • Family: oski
  • C2: courtneysdv.ac.ug

Targets

    • Azorult

      An information stealer first discovered in 2016, targeting browsing history and passwords.

    • Oski

      Oski is an infostealer targeting browser data and crypto wallets.

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • Raccoon Stealer Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                      Count   ID
  Credential Access   Credentials in Files           1       T1081
  Discovery           Query Registry                 1       T1012
  Discovery           System Information Discovery   2       T1082
  Collection          Data from Local System         1       T1005

Tasks