Extracted

Extracted

Extracted

• • Target

    9063dd7d69236cca3007587ccc04334b4289ec456f6983673f3d9f749092a29c

  • Size

    914KB

  • MD5

    6ef647cfe131f11e48e3acfd2b52595d

  • SHA1

    27a369afc3127e58c968c4ea07a69c3e0053e8db

  • SHA256

    9063dd7d69236cca3007587ccc04334b4289ec456f6983673f3d9f749092a29c

  • SHA512

    ca65119068e2f5a13700971d69cecddf56266dbe4ba0a45654a15a9254909e6997cc8a9b16c51b406dcbd45da22b3798d50550ea89cf741b9f6f2a4c2a316b05

  • SSDEEP

    24576:3QGX47KXoN7mu8x65nf861hFPV+XN4spG/Ojx:HI72oNL8x65nf860c/Oj

  Score

  10^/10

  azorultraccoonremcos112620225d704573a0f97fb52a93667085c18b77discoveryinfostealerpersistenceratspywarestealertrojanxmrigminer

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2