usfive_20211023-135458

General

Target: usfive_20211023-135458
Size: 688KB
Sample: 211023-n6kmsadccl
Score: 10/10
MD5: be36df648684719dc99b5cce25b17671
SHA1: af02e158bfb2af09e51cb39e1f81d3ee226c6d3e
SHA256: d1cbd728d676101996fe55e7f4b87333f0efe91e250b467fd61262748e080d46
SHA512: 8031f80eeeee8b024767ed69819adbe808363d0015e8ddae673b950516af74f2aa79b658d78f91740632c80a0b6561b4228d23b63d89779ba01c2681dd428968

Malware Config

Extracted

Family: raccoon
Botnet: 7c9b4504a63ed23664e38808e65948379b790395

Attributes

  • url4cnc
    http://telegka.top/capibar
    http://telegin.top/capibar
    https://t.me/capibar
  • rc4.plain
  • rc4.plain
Targets

Target: usfive_20211023-135458 (688KB, score 10/10; MD5, SHA1, SHA256 and SHA512 identical to the General section above)

Signatures

  • Raccoon
    Description: Simple but powerful infostealer which was very active in 2019.

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns shown on the page (no technique entries are present): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.