General

  • Target

    64031ca7bd657708a2fa8f313b6efe98e9f8a893db1d7fd025e09bdcb15a8853.exe

  • Size

    1.1MB

  • Sample

    241127-rt82dstmbj

  • MD5

    10b99eb3717353b52569a5a1e9234637

  • SHA1

    5d46936d5cef95fdb572a50e866497b82fc023e9

  • SHA256

    64031ca7bd657708a2fa8f313b6efe98e9f8a893db1d7fd025e09bdcb15a8853

  • SHA512

    27474a1031e212f4ec66e5a203602312f20625025d6559466d365f7f8b8c1f2eacdd6107fa6151a08c4e428bbd21beb9681f1aff89cab7540a08e66cdc01b8f8

  • SSDEEP

    24576:w06qmrWqPh8mEa3H1WG+34OJ0CFpD0Yn+511xRZ8q2XoHWwb4:8rWI8jYH1m4OJ0gpD0Y+rYl

Malware Config

Extracted

Family

raccoon

Botnet

b76017a227a0d879dec7c76613918569d03892fb

Attributes
  • url4cnc

    http://telegka.top/brikitiki

    http://telegin.top/brikitiki

    https://t.me/brikitiki

  • rc4.plain

  • rc4.plain

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Extracted

Family

oski

C2

scarsa.ac.ug

Targets

    • Target

      64031ca7bd657708a2fa8f313b6efe98e9f8a893db1d7fd025e09bdcb15a8853.exe

    • Size

      1.1MB

    • MD5

      10b99eb3717353b52569a5a1e9234637

    • SHA1

      5d46936d5cef95fdb572a50e866497b82fc023e9

    • SHA256

      64031ca7bd657708a2fa8f313b6efe98e9f8a893db1d7fd025e09bdcb15a8853

    • SHA512

      27474a1031e212f4ec66e5a203602312f20625025d6559466d365f7f8b8c1f2eacdd6107fa6151a08c4e428bbd21beb9681f1aff89cab7540a08e66cdc01b8f8

    • SSDEEP

      24576:w06qmrWqPh8mEa3H1WG+34OJ0CFpD0Yn+511xRZ8q2XoHWwb4:8rWI8jYH1m4OJ0gpD0Y+rYl

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Azorult family

    • Oski

      Oski is an infostealer targeting browser data and cryptocurrency wallets.

    • Oski family

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V1 payload

    • Raccoon family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks