Overview

overview

10

Static

static

3

0d88cf8de4...18.exe

windows7-x64

10

0d88cf8de4...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0d88cf8de40612246c04de7dadb4dc56_JaffaCakes118

  • Size

    800KB

  • Sample

    240502-fcx21shb6z

  • MD5

    0d88cf8de40612246c04de7dadb4dc56

  • SHA1

    2ca8d4c46d13a84e16970fb55e17d6544cb51878

  • SHA256

    2082c4f394b08d4bb03367395ec711487ee88fc8eed4a7d0eff97f0ad8ea7cee

  • SHA512

    375f55741a08625031c3427066b906c663d36b99e760a059aa4a5f700d9976696690b8fb8b9fb2746091aceab4fdcdb951bf3f5a72e71e7ebce4f80152df84e4

  • SSDEEP

    24576:G0xnF8LExZhh4Ze2fduGU58bVhXwnoN12dn1ixM2c7gF:G0xnF8LEfhh4kSdRU58woN1UnYxMB7

Score
10/10
azorultoskiraccoonzgrat236c7f8a01d741b888dc6b6209805e66d41e62bainfostealerratspywarestealertrojan

Malware Config

Extracted

Family

raccoon

Botnet

236c7f8a01d741b888dc6b6209805e66d41e62ba

Attributes
  • url4cnc

    https://telete.in/brikitiki

rc4.plain
rc4.plain

Extracted

Family

oski

C2

courtneysdv.ac.ug

Extracted

Family

azorult

C2

http://195.245.112.115/index.php

Targets

    • Target

      0d88cf8de40612246c04de7dadb4dc56_JaffaCakes118

    • Size

      800KB

    • MD5

      0d88cf8de40612246c04de7dadb4dc56

    • SHA1

      2ca8d4c46d13a84e16970fb55e17d6544cb51878

    • SHA256

      2082c4f394b08d4bb03367395ec711487ee88fc8eed4a7d0eff97f0ad8ea7cee

    • SHA512

      375f55741a08625031c3427066b906c663d36b99e760a059aa4a5f700d9976696690b8fb8b9fb2746091aceab4fdcdb951bf3f5a72e71e7ebce4f80152df84e4

    • SSDEEP

      24576:G0xnF8LExZhh4Ze2fduGU58bVhXwnoN12dn1ixM2c7gF:G0xnF8LEfhh4kSdRU58woN1UnYxMB7

    Score
    10/10
    azorultoskiraccoonzgrat236c7f8a01d741b888dc6b6209805e66d41e62bainfostealerratspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Detect ZGRat V1

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

      infostealeroski

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon Stealer V1 payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks