azorult | 93ddf61c1aa7c0b867ffbd579b9febdeed4b027d14f8b86d62f7da493706731c | Triage

Submit
Reports

Overview

overview

Static

static

3

b23d6c5698...e1.exe

windows7-x64

b23d6c5698...e1.exe

windows10-2004-x64

Sharing

General

Target

b23d6c569893579789695f3d05accbe1
Size

1.4MB
Sample

240304-qqvtxsbc71
MD5

b23d6c569893579789695f3d05accbe1
SHA1

fa6b1d998500175e122de2c264869fda667bcd26
SHA256

93ddf61c1aa7c0b867ffbd579b9febdeed4b027d14f8b86d62f7da493706731c
SHA512

e816f5121406e32178afeabece8b63c4d773e183d18f705b5a884664013f0fe082830785c2c87913101c5c504a7a7ee60b9987d064c4e5624c681a3674a2e633
SSDEEP

24576:ckJ57Lut19vrBg9qm+BZkvgt7DYOl+FbSoLCwcpN5tgLG6OI8mMe2WLPFouz:T7LG1V/dBZkY1Yo+X+tgLGPi2WLPFou

Score

10^/10

azorult oski raccoon zgrat 43aae292cfe6f58a13bd7111bdd7d5ded5b23ec3 infostealer rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b23d6c569893579789695f3d05accbe1.exe

Resource

win7-20240221-en

azorult raccoon zgrat 43aae292cfe6f58a13bd7111bdd7d5ded5b23ec3 infostealer rat stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

b23d6c569893579789695f3d05accbe1.exe

Resource

win10v2004-20240226-en

azorult oski raccoon zgrat 43aae292cfe6f58a13bd7111bdd7d5ded5b23ec3 infostealer rat spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

43aae292cfe6f58a13bd7111bdd7d5ded5b23ec3

Attributes

url4cnc
https://telete.in/brikitiki

rc4.plain

rc4.plain

Targets

- Target
  
  b23d6c569893579789695f3d05accbe1
- Size
  
  1.4MB
- MD5
  
  b23d6c569893579789695f3d05accbe1
- SHA1
  
  fa6b1d998500175e122de2c264869fda667bcd26
- SHA256
  
  93ddf61c1aa7c0b867ffbd579b9febdeed4b027d14f8b86d62f7da493706731c
- SHA512
  
  e816f5121406e32178afeabece8b63c4d773e183d18f705b5a884664013f0fe082830785c2c87913101c5c504a7a7ee60b9987d064c4e5624c681a3674a2e633
- SSDEEP
  
  24576:ckJ57Lut19vrBg9qm+BZkvgt7DYOl+FbSoLCwcpN5tgLG6OI8mMe2WLPFouz:T7LG1V/dBZkY1Yo+X+tgLGPi2WLPFou
Score

10^/10

azorult raccoon zgrat 43aae292cfe6f58a13bd7111bdd7d5ded5b23ec3 infostealer rat stealer trojan oski spyware
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Detect ZGRat V1
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

azorultraccoonzgrat43aae292cfe6f58a13bd7111bdd7d5ded5b23ec3infostealerratstealertrojan

behavioral2

azorultoskiraccoonzgrat43aae292cfe6f58a13bd7111bdd7d5ded5b23ec3infostealerratspywarestealertrojan

© 2018-2024

Terms | Privacy