Overview

overview

10

Static

static

Sandra

windows10_x64

10

Resubmissions

08-02-2021 07:39

210208-vk216kedze 10

08-02-2021 00:35

210208-f8eg4qhlga 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eci7g.bin.zip

  • Size

    64KB

  • Sample

    210208-vk216kedze

  • MD5

    82556683e612d25ec089121e79bda28d

  • SHA1

    ba75c2e77fa22739675187c1b0de6644f85b710d

  • SHA256

    8a90c1edcbd7e029d9cc42ffb7d50069e98585f8b17983074b0271575704cf49

  • SHA512

    e8ebd5c1511affe21c6b5507427200f526590f173bf092239f7c09f8d3865366dcc8497b54ced3df3faac67a626cc8907e00bd8a7ddc5c9b81429f91b7c9bd4a

Score
10/10
buerraccoonfbb3ff62285b6085836cfe3d032d817936c927a9loaderstealer

Malware Config

Extracted

Family

buer

C2

officewestunionbank.com

bankcreditsign.com

Extracted

Family

raccoon

Botnet

fbb3ff62285b6085836cfe3d032d817936c927a9

Attributes
  • url4cnc

    https://telete.in/jvadikkamushkin

rc4.plain
rc4.plain

Targets

    • Target

      eci7g.bin

    • Size

      97KB

    • MD5

      9168378e6849f1547829afc3f0357f6a

    • SHA1

      097d64d174b8243434f026f2fd24e536cc3686bc

    • SHA256

      d333192a262ceaec75b68c0e6082cf868eb77a0e81010f590451814770b6ce31

    • SHA512

      4c69f85af810334506dd1b8d2e409e30ce8c8471073b56bece6312dcda109705720c41255d49e1d7976b847f4ca586113208fdec805aac2398fc890fc230754b

    Score
    10/10
    buerraccoonfbb3ff62285b6085836cfe3d032d817936c927a9loaderstealer

    • Buer

      Buer is a new modular loader first seen in August 2019.

      loaderbuer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Buer Loader

      Detects Buer loader in memory or disk.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks