azorult

General

Target

426b71f1615a70b9ca72999d51a644fc
Size

2.1MB
Sample

231219-rr4nwsedhq
MD5

426b71f1615a70b9ca72999d51a644fc
SHA1

5080e192c3a12eec57dc4f5c61ec6eb444343749
SHA256

ae95d66eee4d33e3b19224450c9dbc47a582735bd6fc246ebba3f3661ddbaa25
SHA512

bcf22ba8b3a1a73902938a3f1bc10e7a0969b866e3ca48b727831a4c3c7692d4755432efbf05737fbe926c12be5343abecea119d36236bfdd822c07b05abe0ab
SSDEEP

49152:gHwokGmKN/QDrbeAtqA/mgWi9lSLis7XdzWJuHpaz27ZcSf:iFtmKN/wbeADPHS4Juy2B

Score

10^/10

Malware Config

Extracted

Family

raccoon

Version

1.8.1

Botnet

e16d9c3413a8d3bc552d87560e5a14148908608d

Attributes

url4cnc
https://t.me/brikitiki

rc4.plain

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Extracted

Family

oski

C2

milsom.ug

Targets

- Target
  
  426b71f1615a70b9ca72999d51a644fc
- Size
  
  2.1MB
- MD5
  
  426b71f1615a70b9ca72999d51a644fc
- SHA1
  
  5080e192c3a12eec57dc4f5c61ec6eb444343749
- SHA256
  
  ae95d66eee4d33e3b19224450c9dbc47a582735bd6fc246ebba3f3661ddbaa25
- SHA512
  
  bcf22ba8b3a1a73902938a3f1bc10e7a0969b866e3ca48b727831a4c3c7692d4755432efbf05737fbe926c12be5343abecea119d36236bfdd822c07b05abe0ab
- SSDEEP
  
  49152:gHwokGmKN/QDrbeAtqA/mgWi9lSLis7XdzWJuHpaz27ZcSf:iFtmKN/wbeADPHS4Juy2B
Score

10^/10

azorult oski raccoon e16d9c3413a8d3bc552d87560e5a14148908608d infostealer stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Oski

Raccoon

Raccoon Stealer V1 payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2