Overview

overview

10

Static

static

5cd5861ce0...54.exe

windows7_x64

10

5cd5861ce0...54.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5cd5861ce0c007ee7d09a79df1a93424ee1f4c2ed503b140e60ac22f6e5ece54

  • Size

    1.4MB

  • Sample

    220524-wt84lscfb9

  • MD5

    6ae1da8abe6ef9817a617acec71bab22

  • SHA1

    aa61bd2997030f1798399708fc07eca23887d0fc

  • SHA256

    5cd5861ce0c007ee7d09a79df1a93424ee1f4c2ed503b140e60ac22f6e5ece54

  • SHA512

    fe6c6328d990f67b28ae7478d025fcb1e5a6c5f2a974dece4b5ab70a7b7106f720118ed2257cf39419221b29c4b53e34099402bca73846a18050d64f03a2e355

Score
10/10
azorultoskiraccoon180d3985eb74eacf2de83c771fbf30a60f670ec0infostealerspywarestealertrojan

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Extracted

Family

oski

C2

levitt.ug

Extracted

Family

raccoon

Botnet

180d3985eb74eacf2de83c771fbf30a60f670ec0

Attributes
  • url4cnc

    https://telete.in/jrikitiki

rc4.plain
rc4.plain

Targets

    • Target

      5cd5861ce0c007ee7d09a79df1a93424ee1f4c2ed503b140e60ac22f6e5ece54

    • Size

      1.4MB

    • MD5

      6ae1da8abe6ef9817a617acec71bab22

    • SHA1

      aa61bd2997030f1798399708fc07eca23887d0fc

    • SHA256

      5cd5861ce0c007ee7d09a79df1a93424ee1f4c2ed503b140e60ac22f6e5ece54

    • SHA512

      fe6c6328d990f67b28ae7478d025fcb1e5a6c5f2a974dece4b5ab70a7b7106f720118ed2257cf39419221b29c4b53e34099402bca73846a18050d64f03a2e355

    Score
    10/10
    azorultoskiraccoon180d3985eb74eacf2de83c771fbf30a60f670ec0infostealerspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

      infostealeroski

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Raccoon Stealer Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks