azorult | d0b7a458e09fd14ae8476200bd5acf2fc93ea0e2fea357079a88df80e720c23d | Triage

Submit
Reports

Overview

overview

Static

static

3

020824e5aa...3a.exe

windows7-x64

020824e5aa...3a.exe

windows10-2004-x64

Sharing

General

Target

020824e5aa9ecb744b1b94bd855a8f3a
Size

1.2MB
Sample

231229-ydlz9agdf9
MD5

020824e5aa9ecb744b1b94bd855a8f3a
SHA1

d6082fcfcfa6e7f1d719c2c02a3e761e46d48004
SHA256

d0b7a458e09fd14ae8476200bd5acf2fc93ea0e2fea357079a88df80e720c23d
SHA512

d30c70279155b33f0c46e11ca4c591f00caf1574a0a02a7875226f0fea0b09327685ab2b6a52fa216d01032c362b2f119bea8aa4cbae0717e687a43eacbe8a33
SSDEEP

24576:o8oQcipzX0UCT88jNiyBHBhwCU2RUclLlsHD6tn4883JJRYI+fS3La:o8oQcipzX0UL8xHrhlUEUclLCD6tn4d9

Score

10^/10

azorult oski raccoon zgrat c81fb6015c832710f869f6911e1aec18747e0184 infostealer rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

020824e5aa9ecb744b1b94bd855a8f3a.exe

Resource

win7-20231215-en

azorult raccoon zgrat c81fb6015c832710f869f6911e1aec18747e0184 infostealer rat stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

020824e5aa9ecb744b1b94bd855a8f3a.exe

Resource

win10v2004-20231215-en

azorult oski raccoon zgrat c81fb6015c832710f869f6911e1aec18747e0184 infostealer rat spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

c81fb6015c832710f869f6911e1aec18747e0184

Attributes

url4cnc
https://telete.in/brikitiki

rc4.plain

rc4.plain

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Extracted

Family

oski

C2

hsagoi.ac.ug

Targets

- Target
  
  020824e5aa9ecb744b1b94bd855a8f3a
- Size
  
  1.2MB
- MD5
  
  020824e5aa9ecb744b1b94bd855a8f3a
- SHA1
  
  d6082fcfcfa6e7f1d719c2c02a3e761e46d48004
- SHA256
  
  d0b7a458e09fd14ae8476200bd5acf2fc93ea0e2fea357079a88df80e720c23d
- SHA512
  
  d30c70279155b33f0c46e11ca4c591f00caf1574a0a02a7875226f0fea0b09327685ab2b6a52fa216d01032c362b2f119bea8aa4cbae0717e687a43eacbe8a33
- SSDEEP
  
  24576:o8oQcipzX0UCT88jNiyBHBhwCU2RUclLlsHD6tn4883JJRYI+fS3La:o8oQcipzX0UL8xHrhlUEUclLCD6tn4d9
Score

10^/10

azorult raccoon zgrat c81fb6015c832710f869f6911e1aec18747e0184 infostealer rat stealer trojan oski spyware
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Detect ZGRat V1
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

azorultraccoonzgratc81fb6015c832710f869f6911e1aec18747e0184infostealerratstealertrojan

behavioral2

azorultoskiraccoonzgratc81fb6015c832710f869f6911e1aec18747e0184infostealerratspywarestealertrojan

© 2018-2024

Terms | Privacy