General
-
Target
819b1ae66729ce9fd537de21b5d85ef5710886f7fc9c475904b0dd0aaf14abe4N.exe
-
Size
1.1MB
-
Sample
241127-lc75waxnew
-
MD5
f49533ae149136b21458b8c77da9f430
-
SHA1
8e750e2f5a2d8f4613f993c5f0393bb0d1a0316a
-
SHA256
819b1ae66729ce9fd537de21b5d85ef5710886f7fc9c475904b0dd0aaf14abe4
-
SHA512
249ef8e5ea92870e8b1428a6ed6ca2c3cb713d122b5ecaf5b2ac24d78cd4e00006c483de5a1a621c515e3cabb145dd754693712c65d0694d06b12533bdc51846
-
SSDEEP
24576:w06qmrWqPh8mEa3H1WG+34OJ0CFpD0Yn+511xRZ8q2XoHWwb4:8rWI8jYH1m4OJ0gpD0Y+rY9
Static task
static1
Behavioral task
behavioral1
Sample
819b1ae66729ce9fd537de21b5d85ef5710886f7fc9c475904b0dd0aaf14abe4N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
819b1ae66729ce9fd537de21b5d85ef5710886f7fc9c475904b0dd0aaf14abe4N.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
raccoon
b76017a227a0d879dec7c76613918569d03892fb
-
url4cnc
http://telegka.top/brikitiki
http://telegin.top/brikitiki
https://t.me/brikitiki
Extracted
azorult
http://195.245.112.115/index.php
Extracted
oski
scarsa.ac.ug
Targets
-
-
Target
819b1ae66729ce9fd537de21b5d85ef5710886f7fc9c475904b0dd0aaf14abe4N.exe
-
Size
1.1MB
-
MD5
f49533ae149136b21458b8c77da9f430
-
SHA1
8e750e2f5a2d8f4613f993c5f0393bb0d1a0316a
-
SHA256
819b1ae66729ce9fd537de21b5d85ef5710886f7fc9c475904b0dd0aaf14abe4
-
SHA512
249ef8e5ea92870e8b1428a6ed6ca2c3cb713d122b5ecaf5b2ac24d78cd4e00006c483de5a1a621c515e3cabb145dd754693712c65d0694d06b12533bdc51846
-
SSDEEP
24576:w06qmrWqPh8mEa3H1WG+34OJ0CFpD0Yn+511xRZ8q2XoHWwb4:8rWI8jYH1m4OJ0gpD0Y+rY9
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Azorult family
-
Oski family
-
Raccoon Stealer V1 payload
-
Raccoon family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-