Overview

overview

10

Static

static

0733d640a8...5a.exe

windows7-x64

10

0733d640a8...5a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0733d640a833a24e6c37c8085a6e22ba3245eee995c83edf79f20efa327d365a

  • Size

    1013KB

  • Sample

    220930-ghmc5scfd4

  • MD5

    20b4ed91510de8b2766a7b27b643a007

  • SHA1

    e52812e0a3a17a291f524bde23a7dea44339bbf3

  • SHA256

    0733d640a833a24e6c37c8085a6e22ba3245eee995c83edf79f20efa327d365a

  • SHA512

    bad5c56aeb9b57c7b4591f34f41a157fc60e5038eeef82aaaa297a267bfb6c69ad8d52a9b60142c502756f56829c8a44840c620e1191458135fbb5b319feed0f

  • SSDEEP

    24576:/axyj3UlpY02W9pNydU50sTmJf2fU+NAmAOLm+t:/ac3UoW9OGxTmJ6emACm+

Score
10/10
azorultoskiraccoon1cc7ea34e0c2ffcad2b614bf34887c32c8a79609infostealerspywarestealertrojan

Malware Config

Extracted

Family

raccoon

Version

1.7.1-hotfix

Botnet

1cc7ea34e0c2ffcad2b614bf34887c32c8a79609

Attributes
  • url4cnc

    https://telete.in/brikitiki

rc4.plain
rc4.plain

Extracted

Family

oski

C2

darkangel.ac.ug

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

    • Target

      0733d640a833a24e6c37c8085a6e22ba3245eee995c83edf79f20efa327d365a

    • Size

      1013KB

    • MD5

      20b4ed91510de8b2766a7b27b643a007

    • SHA1

      e52812e0a3a17a291f524bde23a7dea44339bbf3

    • SHA256

      0733d640a833a24e6c37c8085a6e22ba3245eee995c83edf79f20efa327d365a

    • SHA512

      bad5c56aeb9b57c7b4591f34f41a157fc60e5038eeef82aaaa297a267bfb6c69ad8d52a9b60142c502756f56829c8a44840c620e1191458135fbb5b319feed0f

    • SSDEEP

      24576:/axyj3UlpY02W9pNydU50sTmJf2fU+NAmAOLm+t:/ac3UoW9OGxTmJ6emACm+

    Score
    10/10
    azorultoskiraccoon1cc7ea34e0c2ffcad2b614bf34887c32c8a79609infostealerspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

      infostealeroski

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon Stealer payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks