Extracted

Extracted

Extracted

• • Target

    zxcv.EXE

  • Size

    868KB

  • MD5

    f9af0046085177c4ae153bd1eacde3e8

  • SHA1

    4f6fe60cd9bb7644cb30003799aa97e8e3947b0c

  • SHA256

    857fc01da428dccc15e996c5e737eda4148df3676c987a4416c5bb0768ce982d

  • SHA512

    f2f828a8a99d54d6757a51060e1665b2146afccf5b5fa529db691ce761b49c8a170b19a692ed7b32c550eee5b5697fdb67f85c5db260047506f7368c81a1fcee

  • SSDEEP

    12288:hpTuCirAe85YCWvTKThBSGKJAK9T/dEEARaf7s+JSmHmSp6vZhjj:horAb5jWLKnSfEELzs+gmGSp6vZhjj

  Score

  10^/10

  azorultoskiraccoon125d9f8ed76e486f6563be097a710bd4cba7f7f2infostealerspywarestealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2