Overview

overview

10

Static

static

e3139870fe...fc.exe

windows7_x64

10

e3139870fe...fc.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e3139870fe717d2dee465d47449b2efc.exe

  • Size

    561KB

  • Sample

    211014-gx614agbgp

  • MD5

    e3139870fe717d2dee465d47449b2efc

  • SHA1

    811dc47f615a8882d43635ef086421fd41fbeb38

  • SHA256

    ccbfdd0661ad91a09b7226542b5feb70e01b108951a0a382b2381ea25b7c73d7

  • SHA512

    e5e9718c2372cbe28a132fce27c6fa42eee1a13f751253d9eb2be0b133208fff7959ae23b4446f937357753af1e562a199ba4b67db91d31544b8eb2f8f82fb74

Score
10/10
raccoon7ebf9b416b72a203df65383eec899dc689d2c3d7stealer

Malware Config

Extracted

Family

raccoon

Botnet

7ebf9b416b72a203df65383eec899dc689d2c3d7

Attributes
  • url4cnc

    http://telegatt.top/agrybirdsgamerept

    http://telegka.top/agrybirdsgamerept

    http://telegin.top/agrybirdsgamerept

    https://t.me/agrybirdsgamerept

rc4.plain
rc4.plain

Targets

    • Target

      e3139870fe717d2dee465d47449b2efc.exe

    • Size

      561KB

    • MD5

      e3139870fe717d2dee465d47449b2efc

    • SHA1

      811dc47f615a8882d43635ef086421fd41fbeb38

    • SHA256

      ccbfdd0661ad91a09b7226542b5feb70e01b108951a0a382b2381ea25b7c73d7

    • SHA512

      e5e9718c2372cbe28a132fce27c6fa42eee1a13f751253d9eb2be0b133208fff7959ae23b4446f937357753af1e562a199ba4b67db91d31544b8eb2f8f82fb74

    Score
    10/10
    raccoon7ebf9b416b72a203df65383eec899dc689d2c3d7stealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks