azorult | fccc12ba866c71644e8d877c8780ee0ba0178c1712b3c05f957f90f59de6d493 | Triage

Submit
Reports

Overview

overview

Static

static

3

1d14c938c3...18.exe

windows7-x64

1d14c938c3...18.exe

windows10-2004-x64

Sharing

General

Target

1d14c938c3dc37a1e53ffa556b22d177_JaffaCakes118
Size

1.0MB
Sample

240506-sjhbcsba73
MD5

1d14c938c3dc37a1e53ffa556b22d177
SHA1

d212b0d999e33da5994d3966e4bcbb369b1c7289
SHA256

fccc12ba866c71644e8d877c8780ee0ba0178c1712b3c05f957f90f59de6d493
SHA512

816370cd07c7c04fd6a113c2ebb8fa878d7b4df186101e5bd337bc1f931c292d9d72c7cd6c2895c17be612c79d5ab5a56a848407a8072a25f2817f98c1bac176
SSDEEP

12288:K5Ar24e2MaUYo2TVXsdSY7h02P9e1BSPjY7o5B/hlG4sPY0dye3AaQYeFaotTQpv:K5Q7v+7h02Pg+M74HGfIaQ6rei

Score

10^/10

azorult oski raccoon d58ee081e4d259676e5c18189c82f5356e64ec30 infostealer spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1d14c938c3dc37a1e53ffa556b22d177_JaffaCakes118.exe

Resource

win7-20240221-en

azorult oski raccoon d58ee081e4d259676e5c18189c82f5356e64ec30 infostealer spyware stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

1d14c938c3dc37a1e53ffa556b22d177_JaffaCakes118.exe

Resource

win10v2004-20240419-en

azorult oski raccoon d58ee081e4d259676e5c18189c82f5356e64ec30 infostealer spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Extracted

Family

raccoon

Botnet

d58ee081e4d259676e5c18189c82f5356e64ec30

Attributes

url4cnc
https://telete.in/brikitiki

rc4.plain

rc4.plain

Extracted

Family

oski

C2

courtneysdv.ac.ug

Targets

- Target
  
  1d14c938c3dc37a1e53ffa556b22d177_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  1d14c938c3dc37a1e53ffa556b22d177
- SHA1
  
  d212b0d999e33da5994d3966e4bcbb369b1c7289
- SHA256
  
  fccc12ba866c71644e8d877c8780ee0ba0178c1712b3c05f957f90f59de6d493
- SHA512
  
  816370cd07c7c04fd6a113c2ebb8fa878d7b4df186101e5bd337bc1f931c292d9d72c7cd6c2895c17be612c79d5ab5a56a848407a8072a25f2817f98c1bac176
- SSDEEP
  
  12288:K5Ar24e2MaUYo2TVXsdSY7h02P9e1BSPjY7o5B/hlG4sPY0dye3AaQYeFaotTQpv:K5Q7v+7h02Pg+M74HGfIaQ6rei
Score

10^/10

azorult oski raccoon d58ee081e4d259676e5c18189c82f5356e64ec30 infostealer spyware stealer trojan
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

azorultoskiraccoond58ee081e4d259676e5c18189c82f5356e64ec30infostealerspywarestealertrojan

behavioral2

azorultoskiraccoond58ee081e4d259676e5c18189c82f5356e64ec30infostealerspywarestealertrojan

© 2018-2024

Terms | Privacy