Extracted

Extracted

Extracted

• • Target

    5910272b991d8f96d67515878eaeb8bd961b858a230d29bd9d513fef2bdaad05

  • Size

    1.2MB

  • MD5

    1943148892ed5fa7f23130879dfba3d8

  • SHA1

    5840f0ce8395e98d5ba58df2a721bb5f64c135a9

  • SHA256

    5910272b991d8f96d67515878eaeb8bd961b858a230d29bd9d513fef2bdaad05

  • SHA512

    ce1b4d5afa19598f8d201bcf3a36bf5ab657c5505b2ade135fcd1c45d8be29b1e1eb05fc4256e6796b7ed22162df68b1138218ee098034486a3780a472118f2c

  Score

  10^/10

  azorultoskiraccoon01e5d6885270e0741be9a6e9f0c5a7f148f450eainfostealerspywarestealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon

  • Raccoon Stealer Payload

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2