General
-
Target
a621e8ce92943201dce4f5965fa4199b.zip
-
Size
6KB
-
Sample
210419-pb1pxc2e1n
-
MD5
674b8596cbe1ef15ffdb78dd17106055
-
SHA1
a4d8b3750bc4e52a08d0d3acc37e0cf3b7178978
-
SHA256
cb011016cdc4f1fdff6bfae06b1a49c244e649de24250f3625d7d3bc5870c96c
-
SHA512
2f738d459496d36d0e91d4f6ef77d16988738a1b3c8bb8572332dc76b9d6a6648c51a73e04127137da75184c8e8fe29e6b6bfb844890f4420c4bacccdbcaf61b
Malware Config
Extracted
https://%6786d78asd6786d78asd%6786d78asd%6786d78asd@j.mp/dmaddwwmwdiwdmddwdwnudnwdxx
Extracted
raccoon
e4dbb69554a4dcf2a21c14794d523a7e729dc429
-
url4cnc
https://telete.in/telehabarik
Targets
-
-
Target
a621e8ce92943201dce4f5965fa4199b
-
Size
62KB
-
MD5
a621e8ce92943201dce4f5965fa4199b
-
SHA1
d0c4e4d68327803cce5a31bf1b375faee2a3ebb9
-
SHA256
4091dc5f238a7795b1ade8879c2bc7c9ac85ab1f107c2d1c3ac16a8da871ff7d
-
SHA512
c7a4c42904a5aed4f8a381e3c92f20c9e8c164519b0e194ae4fea49c1de097818540f437ca15e6e875eab6ea93be9eebf9a92895abc8710c96bfb1be972e9107
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-