General

  • Target

    a136512221d589505f4a0741f278c3f6.exe

  • Size

    561KB

  • Sample

    211014-gyr9bsgbgq

  • MD5

    a136512221d589505f4a0741f278c3f6

  • SHA1

    c71dc0551450a97798c05a08887fdd1330ed6ba6

  • SHA256

    bc2bf5271de321e19fa21bae29bcf1260b2e43c8891ab056881f37a1209d8557

  • SHA512

    493fcd26677723965386f85738de05f407a510784349393f3c80a9fbbde38c98db477678cd9941fd7dff714c0c46cb49e8400f8bc52942757900ff085c87aa1b

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    7ebf9b416b72a203df65383eec899dc689d2c3d7

  • Attributes

    url4cnc

      http://telegatt.top/agrybirdsgamerept

      http://telegka.top/agrybirdsgamerept

      http://telegin.top/agrybirdsgamerept

      https://t.me/agrybirdsgamerept

    rc4.plain

Targets

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess
