azorult | ae95d66eee4d33e3b19224450c9dbc47a582735bd6fc246ebba3f3661ddbaa25 | Triage

Submit
Reports

Overview

overview

Static

static

3

426b71f161...fc.exe

windows7-x64

426b71f161...fc.exe

windows10-2004-x64

Sharing

General

Target

426b71f1615a70b9ca72999d51a644fc
Size

2.1MB
Sample

231219-rr4nwsedhq
MD5

426b71f1615a70b9ca72999d51a644fc
SHA1

5080e192c3a12eec57dc4f5c61ec6eb444343749
SHA256

ae95d66eee4d33e3b19224450c9dbc47a582735bd6fc246ebba3f3661ddbaa25
SHA512

bcf22ba8b3a1a73902938a3f1bc10e7a0969b866e3ca48b727831a4c3c7692d4755432efbf05737fbe926c12be5343abecea119d36236bfdd822c07b05abe0ab
SSDEEP

49152:gHwokGmKN/QDrbeAtqA/mgWi9lSLis7XdzWJuHpaz27ZcSf:iFtmKN/wbeADPHS4Juy2B

Score

10^/10

azorult oski raccoon e16d9c3413a8d3bc552d87560e5a14148908608d infostealer stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

426b71f1615a70b9ca72999d51a644fc.exe

Resource

win7-20231129-en

azorult oski raccoon e16d9c3413a8d3bc552d87560e5a14148908608d infostealer stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

426b71f1615a70b9ca72999d51a644fc.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Version

1.8.1

Botnet

e16d9c3413a8d3bc552d87560e5a14148908608d

Attributes

url4cnc
https://t.me/brikitiki

rc4.plain

rc4.plain

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Extracted

Family

oski

C2

milsom.ug

Targets

- Target
  
  426b71f1615a70b9ca72999d51a644fc
- Size
  
  2.1MB
- MD5
  
  426b71f1615a70b9ca72999d51a644fc
- SHA1
  
  5080e192c3a12eec57dc4f5c61ec6eb444343749
- SHA256
  
  ae95d66eee4d33e3b19224450c9dbc47a582735bd6fc246ebba3f3661ddbaa25
- SHA512
  
  bcf22ba8b3a1a73902938a3f1bc10e7a0969b866e3ca48b727831a4c3c7692d4755432efbf05737fbe926c12be5343abecea119d36236bfdd822c07b05abe0ab
- SSDEEP
  
  49152:gHwokGmKN/QDrbeAtqA/mgWi9lSLis7XdzWJuHpaz27ZcSf:iFtmKN/wbeADPHS4Juy2B
Score

10^/10

azorult oski raccoon e16d9c3413a8d3bc552d87560e5a14148908608d infostealer stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

azorultoskiraccoone16d9c3413a8d3bc552d87560e5a14148908608dinfostealerstealertrojan

behavioral2

© 2018-2024

Terms | Privacy