azorult | 14a0d25b4d33216e9110c9588fa3168105efdad28827e772c4798337544eb708 | Triage

Submit
Reports

Overview

overview

Static

static

3

3d2464f216...74.exe

windows7-x64

3d2464f216...74.exe

windows10-2004-x64

Sharing

General

Target

3d2464f216fefa68655ac55172064d74
Size

1.1MB
Sample

240101-r9pyfscgdj
MD5

3d2464f216fefa68655ac55172064d74
SHA1

99d8c98dfe10512411122d7f0c84b70fa86508d5
SHA256

14a0d25b4d33216e9110c9588fa3168105efdad28827e772c4798337544eb708
SHA512

e73727d834658727c06a78b3f1969021195546057a0f685808c406a22bde6543e45f63d170c8ef21d52b174e9aa76b5903f0e46a34164ea2bfde1de4977d5d15
SSDEEP

24576:IS72iH9ECoxrUgJPb/EbYVRt93w30lC5IoYvHz:ISbD6UgZBgElC5bYvHz

Score

10^/10

azorult oski raccoon c81fb6015c832710f869f6911e1aec18747e0184 infostealer spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3d2464f216fefa68655ac55172064d74.exe

Resource

win7-20231215-en

azorult oski raccoon c81fb6015c832710f869f6911e1aec18747e0184 infostealer spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

3d2464f216fefa68655ac55172064d74.exe

Resource

win10v2004-20231215-en

azorult oski raccoon c81fb6015c832710f869f6911e1aec18747e0184 infostealer spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

c81fb6015c832710f869f6911e1aec18747e0184

Attributes

url4cnc
https://telete.in/brikitiki

rc4.plain

rc4.plain

Extracted

Family

oski

C2

kullasa.ac.ug

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

- Target
  
  3d2464f216fefa68655ac55172064d74
- Size
  
  1.1MB
- MD5
  
  3d2464f216fefa68655ac55172064d74
- SHA1
  
  99d8c98dfe10512411122d7f0c84b70fa86508d5
- SHA256
  
  14a0d25b4d33216e9110c9588fa3168105efdad28827e772c4798337544eb708
- SHA512
  
  e73727d834658727c06a78b3f1969021195546057a0f685808c406a22bde6543e45f63d170c8ef21d52b174e9aa76b5903f0e46a34164ea2bfde1de4977d5d15
- SSDEEP
  
  24576:IS72iH9ECoxrUgJPb/EbYVRt93w30lC5IoYvHz:ISbD6UgZBgElC5bYvHz
Score

10^/10

azorult oski raccoon c81fb6015c832710f869f6911e1aec18747e0184 infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

azorultoskiraccoonc81fb6015c832710f869f6911e1aec18747e0184infostealerspywarestealertrojan

behavioral2

azorultoskiraccoonc81fb6015c832710f869f6911e1aec18747e0184infostealerspywarestealertrojan

© 2018-2024

Terms | Privacy