f539c1e201030689ba917991a929526485f79e99f421802a9a7dc4d9a962ecd2

General

Target: f539c1e201030689ba917991a929526485f79e99f421802a9a7dc4d9a962ecd2
Size: 1MB
Sample: 220516-fvwxnsghgn
Score: 10/10
MD5: 2292f50e6ebdf3eae9cbb254ca0464a9
SHA1: 5e7897406f6a5859638982f347d569bc2bfe3614
SHA256: f539c1e201030689ba917991a929526485f79e99f421802a9a7dc4d9a962ecd2
SHA512: 688c8814bef5f31254a66a4d83d08d0e2d81ee00eee7887829f3c8639c75cae323e1f30d9bb07ee1751c4c4d06d7ea6315ba48509613c5364ea930c6485586a5

Malware Config

Extracted
Family: raccoon
Botnet: 236c7f8a01d741b888dc6b6209805e66d41e62ba
Attributes:
  url4cnc: https://telete.in/brikitiki
  rc4.plain
  rc4.plain

Extracted
Family: oski
C2: nadia.ac.ug

Extracted
Family: azorult
C2: http://195.245.112.115/index.php

Targets

Target: f539c1e201030689ba917991a929526485f79e99f421802a9a7dc4d9a962ecd2 (size, score and hashes as listed under General)
Signatures

  • Azorult
    Description: An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Oski
    Description: Oski is an infostealer targeting browser data and crypto wallets.

  • Raccoon
    Description: A simple but powerful infostealer that was very active in 2019.

  • Raccoon Stealer Payload

  • Executes dropped EXE

  • Checks computer location settings
    Description: Looks up the country code configured in the registry, likely a geofence.
    TTPs: Query Registry, System Information Discovery

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials.
    TTPs: Data from Local System, Credentials in Files

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext
