azorult | 4e1a08f808a281378cc6dd3bcdd56901dd23450ad2d75eb103c17ad10787dff3 | Triage

Submit
Reports

Overview

overview

Static

static

3

8334fb6c79...89.exe

windows7-x64

8334fb6c79...89.exe

windows10-2004-x64

Sharing

General

Target

8334fb6c79b105346c5818c1b07ef489
Size

968KB
Sample

231219-x4qwfscdbm
MD5

8334fb6c79b105346c5818c1b07ef489
SHA1

c5aa12b7887eb5edff411f7f0c30760b740804ae
SHA256

4e1a08f808a281378cc6dd3bcdd56901dd23450ad2d75eb103c17ad10787dff3
SHA512

4f992038e51dfde5385f883ebfb8fc6f841e167bcebde3ef684e3602d7a313569a2fe6de449b892124d0df4f0e7ee1330af03193ce42af72c80d46513848ca60
SSDEEP

24576:GBrF5E3A9TcdekDnFjQohahKgXjZaj51ldq6O2aZeKBpFtlp32aky2aAr:Uc3A94gkDnFjzahTXj4HqgUXLmdfVr

Score

10^/10

azorult oski raccoon 728e62b0300799f2a8741c39a71a1543c6759e8d infostealer spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8334fb6c79b105346c5818c1b07ef489.exe

Resource

win7-20231215-en

azorult oski raccoon 728e62b0300799f2a8741c39a71a1543c6759e8d infostealer spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

8334fb6c79b105346c5818c1b07ef489.exe

Resource

win10v2004-20231215-en

azorult oski raccoon 728e62b0300799f2a8741c39a71a1543c6759e8d infostealer spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Extracted

Family

oski

C2

scarsa.ac.ug

Extracted

Family

raccoon

Version

1.8.2

Botnet

728e62b0300799f2a8741c39a71a1543c6759e8d

Attributes

url4cnc
http://teletop.top/brikitiki
http://teleta.top/brikitiki
https://t.me/brikitiki

rc4.plain

rc4.plain

Targets

- Target
  
  8334fb6c79b105346c5818c1b07ef489
- Size
  
  968KB
- MD5
  
  8334fb6c79b105346c5818c1b07ef489
- SHA1
  
  c5aa12b7887eb5edff411f7f0c30760b740804ae
- SHA256
  
  4e1a08f808a281378cc6dd3bcdd56901dd23450ad2d75eb103c17ad10787dff3
- SHA512
  
  4f992038e51dfde5385f883ebfb8fc6f841e167bcebde3ef684e3602d7a313569a2fe6de449b892124d0df4f0e7ee1330af03193ce42af72c80d46513848ca60
- SSDEEP
  
  24576:GBrF5E3A9TcdekDnFjQohahKgXjZaj51ldq6O2aZeKBpFtlp32aky2aAr:Uc3A94gkDnFjzahTXj4HqgUXLmdfVr
Score

10^/10

azorult oski raccoon 728e62b0300799f2a8741c39a71a1543c6759e8d infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

azorultoskiraccoon728e62b0300799f2a8741c39a71a1543c6759e8dinfostealerspywarestealertrojan

behavioral2

azorultoskiraccoon728e62b0300799f2a8741c39a71a1543c6759e8dinfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy