General

  • Target

    819b1ae66729ce9fd537de21b5d85ef5710886f7fc9c475904b0dd0aaf14abe4N.exe

  • Size

    1.1MB

  • Sample

    241127-lc75waxnew

  • MD5

    f49533ae149136b21458b8c77da9f430

  • SHA1

    8e750e2f5a2d8f4613f993c5f0393bb0d1a0316a

  • SHA256

    819b1ae66729ce9fd537de21b5d85ef5710886f7fc9c475904b0dd0aaf14abe4

  • SHA512

    249ef8e5ea92870e8b1428a6ed6ca2c3cb713d122b5ecaf5b2ac24d78cd4e00006c483de5a1a621c515e3cabb145dd754693712c65d0694d06b12533bdc51846

  • SSDEEP

    24576:w06qmrWqPh8mEa3H1WG+34OJ0CFpD0Yn+511xRZ8q2XoHWwb4:8rWI8jYH1m4OJ0gpD0Y+rY9

Malware Config

Extracted

Family

raccoon

Botnet

b76017a227a0d879dec7c76613918569d03892fb

Attributes

  • url4cnc

    http://telegka.top/brikitiki

    http://telegin.top/brikitiki

    https://t.me/brikitiki

rc4.plain

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Extracted

Family

oski

C2

scarsa.ac.ug

Targets

    • Target

      819b1ae66729ce9fd537de21b5d85ef5710886f7fc9c475904b0dd0aaf14abe4N.exe

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Azorult family

    • Oski

      Oski is an infostealer targeting browser data and crypto wallets.

    • Oski family

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V1 payload

    • Raccoon family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks