General

  • Target

    usfive_20211023-135458

  • Size

    688KB

  • Sample

    211023-n6kmsadccl

  • MD5

    be36df648684719dc99b5cce25b17671

  • SHA1

    af02e158bfb2af09e51cb39e1f81d3ee226c6d3e

  • SHA256

    d1cbd728d676101996fe55e7f4b87333f0efe91e250b467fd61262748e080d46

  • SHA512

    8031f80eeeee8b024767ed69819adbe808363d0015e8ddae673b950516af74f2aa79b658d78f91740632c80a0b6561b4228d23b63d89779ba01c2681dd428968

Malware Config

Extracted

Family

raccoon

Botnet

7c9b4504a63ed23664e38808e65948379b790395

Attributes
  • url4cnc

    http://telegka.top/capibar

    http://telegin.top/capibar

    https://t.me/capibar

  • rc4.plain

  • rc4.plain
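To make the extracted attributes above usable, here is an added example (not code from the sandbox, from this report, or from the Raccoon authors) that turns the url4cnc list into network indicators and shows how a plaintext RC4 key of the kind listed under rc4.plain is applied. The RC4 key, the encrypted blob and the documentation address inside it are constructed placeholders, because the page does not reproduce the sample's actual key values; the function names c2_indicators, rc4 and decrypt_b64_rc4 are my own.

```python
"""Consuming the extracted Raccoon config from this report.

Added example, not the sandbox's or the malware's code. Everything
marked CONSTRUCTED below is a placeholder, not data from the sample.
"""
import base64
from urllib.parse import urlparse

# The url4cnc values copied from the report above. The attribute name
# marks them as the locations the stealer contacts to learn its C2; on
# this page all three resolve to the same Telegram channel, "capibar".
URL4CNC = [
    "http://telegka.top/capibar",
    "http://telegin.top/capibar",
    "https://t.me/capibar",
]

# CONSTRUCTED key. The report lists two rc4.plain attributes, but their
# values are not reproduced on this page, so a demo key stands in.
DEMO_RC4_KEY = b"Key"


def c2_indicators(urls):
    """Split url4cnc entries into hostnames and Telegram channel names.

    Returns (sorted hostnames, set of channel names). Hostnames feed DNS
    and proxy blocklists; the channel name is the more durable indicator,
    because the look-alike hosts can change while the channel stays.
    """
    hosts = set()
    channels = set()
    for u in urls:
        p = urlparse(u)
        if p.hostname:
            hosts.add(p.hostname)
        # The last path component of each listed URL is the channel name.
        channel = p.path.strip("/").split("/")[-1]
        if channel:
            channels.add(channel)
    return sorted(hosts), channels


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encryption and decryption are the same op."""
    # Key-scheduling algorithm: permute S under the key.
    S = list(range(256))
    j = 0
    klen = len(key)
    for i in range(256):
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm: XOR the keystream onto data.
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def decrypt_b64_rc4(key: bytes, blob_b64: str) -> str:
    """Base64-decode, then RC4-decrypt with the extracted plaintext key.

    This is the shape an analyst uses when a config field is stored as
    base64(RC4(key, plaintext)); the layout is an assumption here, not
    something this page documents for the sample.
    """
    return rc4(key, base64.b64decode(blob_b64)).decode("utf-8", errors="replace")


# CONSTRUCTED blob: built at runtime from a documentation address
# (192.0.2.10, RFC 5737) so the decrypt path can be exercised offline.
DEMO_PLAINTEXT = "http://192.0.2.10/"
DEMO_BLOB = base64.b64encode(rc4(DEMO_RC4_KEY, DEMO_PLAINTEXT.encode())).decode()


if __name__ == "__main__":
    hosts, channels = c2_indicators(URL4CNC)
    print("block these hosts:", ", ".join(hosts))
    print("telegram channel(s):", ", ".join(sorted(channels)))
    print("decrypted demo field:", decrypt_b64_rc4(DEMO_RC4_KEY, DEMO_BLOB))
```

Run it as a script to print the indicator list and the round-tripped demo field; in practice you would replace DEMO_RC4_KEY with the real rc4.plain value from the sandbox and feed it the base64 strings pulled from the unpacked binary.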

Targets

    • Target

      usfive_20211023-135458

    • Raccoon

      Simple but powerful information stealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Suspicious use of SetThreadContext
