General
-
Target
0733d640a833a24e6c37c8085a6e22ba3245eee995c83edf79f20efa327d365a
-
Size
1013KB
-
Sample
220930-ghmc5scfd4
-
MD5
20b4ed91510de8b2766a7b27b643a007
-
SHA1
e52812e0a3a17a291f524bde23a7dea44339bbf3
-
SHA256
0733d640a833a24e6c37c8085a6e22ba3245eee995c83edf79f20efa327d365a
-
SHA512
bad5c56aeb9b57c7b4591f34f41a157fc60e5038eeef82aaaa297a267bfb6c69ad8d52a9b60142c502756f56829c8a44840c620e1191458135fbb5b319feed0f
-
SSDEEP
24576:/axyj3UlpY02W9pNydU50sTmJf2fU+NAmAOLm+t:/ac3UoW9OGxTmJ6emACm+
Malware Config
Extracted
raccoon
1.7.1-hotfix
1cc7ea34e0c2ffcad2b614bf34887c32c8a79609
-
url4cnc
https://telete.in/brikitiki
Extracted
oski
darkangel.ac.ug
Extracted
azorult
http://195.245.112.115/index.php
Targets
-
-
Target
0733d640a833a24e6c37c8085a6e22ba3245eee995c83edf79f20efa327d365a
-
Size
1013KB
-
MD5
20b4ed91510de8b2766a7b27b643a007
-
SHA1
e52812e0a3a17a291f524bde23a7dea44339bbf3
-
SHA256
0733d640a833a24e6c37c8085a6e22ba3245eee995c83edf79f20efa327d365a
-
SHA512
bad5c56aeb9b57c7b4591f34f41a157fc60e5038eeef82aaaa297a267bfb6c69ad8d52a9b60142c502756f56829c8a44840c620e1191458135fbb5b319feed0f
-
SSDEEP
24576:/axyj3UlpY02W9pNydU50sTmJf2fU+NAmAOLm+t:/ac3UoW9OGxTmJ6emACm+
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Raccoon Stealer payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-