General
-
Target
43289193e35ad500026942fe9da85b24142625f3dba0e26b88f646bde55a0112
-
Size
1.6MB
-
Sample
220707-3s3nrsbac5
-
MD5
c8bee82b1d76257b8977b3f373827100
-
SHA1
60535191909cefb0932e1ab71c42a05ecff3f84f
-
SHA256
43289193e35ad500026942fe9da85b24142625f3dba0e26b88f646bde55a0112
-
SHA512
bd3e786a9728fe145ca6bfba5802473be1a5c60f2691d48e39c8d4f33023f06c154ada1778cc495d4d292c28dcc908eb9114239ccfc39c2573d7d53a8b43f0be
Malware Config
Extracted
raccoon
e5a98a0423e8a05c07c85512b1c0eb7a8fff35a1
-
url4cnc
https://telete.in/brikitiki
Extracted
azorult
http://195.245.112.115/index.php
Extracted
oski
pabloq.ug
Targets
-
-
Target
43289193e35ad500026942fe9da85b24142625f3dba0e26b88f646bde55a0112
-
Size
1.6MB
-
MD5
c8bee82b1d76257b8977b3f373827100
-
SHA1
60535191909cefb0932e1ab71c42a05ecff3f84f
-
SHA256
43289193e35ad500026942fe9da85b24142625f3dba0e26b88f646bde55a0112
-
SHA512
bd3e786a9728fe145ca6bfba5802473be1a5c60f2691d48e39c8d4f33023f06c154ada1778cc495d4d292c28dcc908eb9114239ccfc39c2573d7d53a8b43f0be
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Raccoon Stealer payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-