General
-
Target
adba935c663db2d4c2a53f01434f1e11_JaffaCakes118
-
Size
1.1MB
-
Sample
240615-k93qzsyenq
-
MD5
adba935c663db2d4c2a53f01434f1e11
-
SHA1
87a24cd1d7cc1985e29ff1bd384c48dbde1b97a0
-
SHA256
362d3fd69c524f00f783eda97ea2229b80573d5cd1e849d3a0d6a17034ebd38a
-
SHA512
db0c45d4b0eb9e91a18cd99e1f921ddd301adbdf9f9a41a585caffc1d5c994c2f18aa1162c06cfe63c3c89f07c13d21c37e78bf64b9aeb42442f9192b369d3bd
-
SSDEEP
24576:BGB08Fkcf4VYMOAcheLwsO7pcdpeewR1fGB08Fk8PviOCNGB08FkFmoz4OXzn:GpkenAJjOlcdMl1cpkOKOCCpkD4OXzn
Malware Config
Extracted
raccoon
236c7f8a01d741b888dc6b6209805e66d41e62ba
-
url4cnc
https://telete.in/brikitiki
Extracted
oski
courtneysdv.ac.ug
Extracted
azorult
http://195.245.112.115/index.php
Targets
-
-
Target
adba935c663db2d4c2a53f01434f1e11_JaffaCakes118
-
Size
1.1MB
-
MD5
adba935c663db2d4c2a53f01434f1e11
-
SHA1
87a24cd1d7cc1985e29ff1bd384c48dbde1b97a0
-
SHA256
362d3fd69c524f00f783eda97ea2229b80573d5cd1e849d3a0d6a17034ebd38a
-
SHA512
db0c45d4b0eb9e91a18cd99e1f921ddd301adbdf9f9a41a585caffc1d5c994c2f18aa1162c06cfe63c3c89f07c13d21c37e78bf64b9aeb42442f9192b369d3bd
-
SSDEEP
24576:BGB08Fkcf4VYMOAcheLwsO7pcdpeewR1fGB08Fk8PviOCNGB08FkFmoz4OXzn:GpkenAJjOlcdMl1cpkOKOCCpkD4OXzn
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Raccoon Stealer V1 payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-