azorult | e8e31ad00eb7d6e4124e0d9dcd2a2e4ca20afa68007c0e655ae8cc5ca4bfdad9 | Triage

Submit
Reports

Overview

overview

Static

static

3

59b1a1f58b...53.exe

windows7-x64

59b1a1f58b...53.exe

windows10-2004-x64

Sharing

General

Target

59b1a1f58b7ca014b73a2eebda7eae53
Size

1.2MB
Sample

240113-3jz7aagabm
MD5

59b1a1f58b7ca014b73a2eebda7eae53
SHA1

553c47a56200b6d957e0ce1ea126399831012c5d
SHA256

e8e31ad00eb7d6e4124e0d9dcd2a2e4ca20afa68007c0e655ae8cc5ca4bfdad9
SHA512

8eb261de8b0396535f2f25d620e504961b79c252769634afe65aa1aff70792a91d183036ace376c8b1030186f270886c853458667f89296b5995887478072db0
SSDEEP

24576:baHmapSp81RMg7gOuBg5p4nhr37H+9nTSkGHCf:barSy1RMsgOuC7yzCtO5C

Score

10^/10

azorult oski raccoon zgrat c81fb6015c832710f869f6911e1aec18747e0184 infostealer rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

59b1a1f58b7ca014b73a2eebda7eae53.exe

Resource

win7-20231215-en

azorult raccoon zgrat c81fb6015c832710f869f6911e1aec18747e0184 infostealer rat stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

59b1a1f58b7ca014b73a2eebda7eae53.exe

Resource

win10v2004-20231215-en

azorult oski raccoon zgrat c81fb6015c832710f869f6911e1aec18747e0184 infostealer rat spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

c81fb6015c832710f869f6911e1aec18747e0184

Attributes

url4cnc
https://telete.in/brikitiki

rc4.plain

rc4.plain

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Extracted

Family

oski

C2

gordonhk.ac.ug

Targets

- Target
  
  59b1a1f58b7ca014b73a2eebda7eae53
- Size
  
  1.2MB
- MD5
  
  59b1a1f58b7ca014b73a2eebda7eae53
- SHA1
  
  553c47a56200b6d957e0ce1ea126399831012c5d
- SHA256
  
  e8e31ad00eb7d6e4124e0d9dcd2a2e4ca20afa68007c0e655ae8cc5ca4bfdad9
- SHA512
  
  8eb261de8b0396535f2f25d620e504961b79c252769634afe65aa1aff70792a91d183036ace376c8b1030186f270886c853458667f89296b5995887478072db0
- SSDEEP
  
  24576:baHmapSp81RMg7gOuBg5p4nhr37H+9nTSkGHCf:barSy1RMsgOuC7yzCtO5C
Score

10^/10

azorult raccoon zgrat c81fb6015c832710f869f6911e1aec18747e0184 infostealer rat stealer trojan oski spyware
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Detect ZGRat V1
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

azorultraccoonzgratc81fb6015c832710f869f6911e1aec18747e0184infostealerratstealertrojan

behavioral2

azorultoskiraccoonzgratc81fb6015c832710f869f6911e1aec18747e0184infostealerratspywarestealertrojan

© 2018-2024

Terms | Privacy