Overview

overview

10

Static

static

3

2292f50e6e...18.exe

windows7-x64

10

2292f50e6e...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2292f50e6ebdf3eae9cbb254ca0464a9_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240728-ze4gcstbjm

  • MD5

    2292f50e6ebdf3eae9cbb254ca0464a9

  • SHA1

    5e7897406f6a5859638982f347d569bc2bfe3614

  • SHA256

    f539c1e201030689ba917991a929526485f79e99f421802a9a7dc4d9a962ecd2

  • SHA512

    688c8814bef5f31254a66a4d83d08d0e2d81ee00eee7887829f3c8639c75cae323e1f30d9bb07ee1751c4c4d06d7ea6315ba48509613c5364ea930c6485586a5

  • SSDEEP

    24576:V3QswWX5+hV2Sy8CqmGs8BW1kNtWPDsygFTqqaW:V3bT0hQSy8CqmYW10EsNTRaW

Score
10/10
azorultoskiraccoon236c7f8a01d741b888dc6b6209805e66d41e62bacredential_accessdiscoveryinfostealerspywarestealertrojan

Malware Config

Extracted

Family

raccoon

Botnet

236c7f8a01d741b888dc6b6209805e66d41e62ba

Attributes
  • url4cnc

    https://telete.in/brikitiki

rc4.plain
rc4.plain

Extracted

Family

oski

C2

nadia.ac.ug

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

    • Target

      2292f50e6ebdf3eae9cbb254ca0464a9_JaffaCakes118

    • Size

      1.0MB

    • MD5

      2292f50e6ebdf3eae9cbb254ca0464a9

    • SHA1

      5e7897406f6a5859638982f347d569bc2bfe3614

    • SHA256

      f539c1e201030689ba917991a929526485f79e99f421802a9a7dc4d9a962ecd2

    • SHA512

      688c8814bef5f31254a66a4d83d08d0e2d81ee00eee7887829f3c8639c75cae323e1f30d9bb07ee1751c4c4d06d7ea6315ba48509613c5364ea930c6485586a5

    • SSDEEP

      24576:V3QswWX5+hV2Sy8CqmGs8BW1kNtWPDsygFTqqaW:V3bT0hQSy8CqmYW10EsNTRaW

    Score
    10/10
    azorultoskiraccoon236c7f8a01d741b888dc6b6209805e66d41e62bacredential_accessdiscoveryinfostealerspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

      infostealeroski

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon Stealer V1 payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks