General

  • Target

    mixsix_20211025-105758

  • Size

    688KB

  • Sample

    211025-kz9fsaghal

  • MD5

    b5e4ae827306f85ad1c9c9a220591b10

  • SHA1

    8e97b7071348aedc2325512e23a3a7bfaacc1c78

  • SHA256

    674822cd6f31947ba8042b6309927c9f34aed7450cd89e18d037ceffb5a911d5

  • SHA512

    4a4483cf5698bb900a037a6b7c3d7f9a0f7122eecaae3e99fdfbe312973fa64e19ef24338b4784152476920ce1aad00fd4c733cb38b10f2f85df95f0865f7756

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    7c9b4504a63ed23664e38808e65948379b790395

  • Attributes

    url4cnc

      http://telegka.top/capibar

      http://telegin.top/capibar

      https://t.me/capibar

    rc4.plain

    rc4.plain
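The url4cnc entries are Telegram channel URLs: Raccoon v1 used the channel description as a dead-drop resolver, fetching the channel page and decrypting an RC4-encrypted, base64-encoded C2 address with the key that Triage reports under rc4.plain. The block below is an added example, not code from the report or from the malware, that reproduces that decryption step offline. The key, the C2 address (an RFC 5737 TEST-NET IP), the framing markers and the HTML fragment are all constructed stand-ins; the report does not reproduce the key value or the channel text.

```python
"""Offline reconstruction of a Raccoon v1-style dead-drop C2 resolution.

Added example, not code from the report or the malware. Key, C2 address,
framing markers and page fragment are constructed stand-ins.
"""
import base64
import binascii
import html
import re
from typing import Optional


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA then PRGA). The same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


# Hypothetical values. The report lists rc4.plain but not the key text itself,
# and the real channel description is not reproduced on the page.
DEMO_KEY = b"demo-rc4-key"
DEMO_C2 = "http://203.0.113.10/gate/log.php"   # RFC 5737 TEST-NET, not a real C2
START_MARK, END_MARK = "[[", "]]"              # hypothetical framing markers


def encode_dead_drop(c2_url: str, key: bytes) -> str:
    """Channel text as an operator would publish it: marker + base64(RC4(url)) + marker."""
    blob = base64.b64encode(rc4(key, c2_url.encode("utf-8"))).decode("ascii")
    return f"{START_MARK}{blob}{END_MARK}"


def decode_dead_drop(channel_text: str, key: bytes) -> Optional[str]:
    """Pull the framed blob out of the description, base64-decode, RC4-decrypt, sanity-check."""
    pattern = re.escape(START_MARK) + r"([A-Za-z0-9+/=]+)" + re.escape(END_MARK)
    m = re.search(pattern, channel_text)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except (binascii.Error, ValueError):
        return None
    url = rc4(key, raw).decode("utf-8", errors="replace")
    # A wrong key yields bytes that do not look like a URL; refuse those rather than dial them.
    return url if re.fullmatch(r"https?://[\x21-\x7e]+", url) else None


def description_from_page(page_html: str) -> str:
    """t.me/<channel> preview pages carry the description in the og:description meta tag."""
    m = re.search(r'<meta property="og:description" content="([^"]*)"', page_html)
    return html.unescape(m.group(1)) if m else ""


def resolve_c2(page_html: str, key: bytes) -> Optional[str]:
    """Full chain: fetched page text -> description -> decrypted C2 URL (or None)."""
    return decode_dead_drop(description_from_page(page_html), key)


# Constructed fragment standing in for a fetched https://t.me/<channel> page.
DEMO_PAGE = (
    "<html><head>"
    '<meta property="og:description" content="'
    + html.escape(encode_dead_drop(DEMO_C2, DEMO_KEY), quote=True)
    + '"></head><body></body></html>'
)

if __name__ == "__main__":
    print(resolve_c2(DEMO_PAGE, DEMO_KEY))
```

To use it against a real sample, replace DEMO_KEY with the rc4.plain value from the config and feed `resolve_c2` the HTML of the channel page saved from a sandboxed fetch; the URL sanity check is deliberate, since a wrong key or a changed channel description should fail closed instead of producing a bogus C2 to pivot on.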

Targets

    • Target

      mixsix_20211025-105758

    • Size

      688KB

    • MD5

      b5e4ae827306f85ad1c9c9a220591b10

    • SHA1

      8e97b7071348aedc2325512e23a3a7bfaacc1c78

    • SHA256

      674822cd6f31947ba8042b6309927c9f34aed7450cd89e18d037ceffb5a911d5

    • SHA512

      4a4483cf5698bb900a037a6b7c3d7f9a0f7122eecaae3e99fdfbe312973fa64e19ef24338b4784152476920ce1aad00fd4c733cb38b10f2f85df95f0865f7756

    • Raccoon

      Simple but powerful information stealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Suspicious use of SetThreadContext
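The four digests above and the url4cnc addresses in the extracted config are the indicators a responder would sweep for. The block below is an added example, not part of the report, that checks a file against all four digests at once and flags proxy log lines that reach the listed channel. The digests and URLs are copied from this report; the log format and log lines are constructed. Since t.me is ordinary Telegram traffic, the match keys on the channel name in the path rather than on the host alone.

```python
"""Sweep local evidence for the indicators in this report.

Added example, not part of the report. Digests and C2 URLs are copied from
the report above; the proxy log format and lines are constructed.
"""
import hashlib
import re
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

SAMPLE_HASHES: Dict[str, str] = {
    "md5": "b5e4ae827306f85ad1c9c9a220591b10",
    "sha1": "8e97b7071348aedc2325512e23a3a7bfaacc1c78",
    "sha256": "674822cd6f31947ba8042b6309927c9f34aed7450cd89e18d037ceffb5a911d5",
    "sha512": "4a4483cf5698bb900a037a6b7c3d7f9a0f7122eecaae3e99fdfbe312973fa64e"
              "19ef24338b4784152476920ce1aad00fd4c733cb38b10f2f85df95f0865f7756",
}

# url4cnc hosts from the extracted config. t.me serves every public Telegram
# channel, so the channel name in the path is what actually discriminates.
C2_HOSTS = {"telegka.top", "telegin.top", "t.me"}
C2_CHANNEL = "capibar"


def digests(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists, in one pass per algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def is_sample(data: bytes) -> bool:
    """Require every digest to agree; MD5 or SHA1 alone is not enough to pin a file."""
    return digests(data) == SAMPLE_HASHES


def is_c2_url(url: str) -> bool:
    """True for <listed host>/capibar[/...]; other channels on t.me are not flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    first_segment = parts.path.strip("/").split("/")[0] if parts.path else ""
    return host in C2_HOSTS and first_segment == C2_CHANNEL


# Constructed proxy log format: timestamp, client, method, URL, status.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def scan_proxy_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, client, url) for each request that reaches the listed channel."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m and is_c2_url(m["url"]):
            hits.append((m["ts"], m["client"], m["url"]))
    return hits


# Constructed log lines: two hits, one other Telegram channel, one unrelated host.
DEMO_LOG = [
    "2021-10-25T10:58:01Z 10.0.0.5 GET http://telegka.top/capibar 200",
    "2021-10-25T10:58:02Z 10.0.0.5 GET https://t.me/capibar 200",
    "2021-10-25T10:58:03Z 10.0.0.7 GET https://t.me/some_other_channel 200",
    "2021-10-25T10:58:04Z 10.0.0.9 GET https://example.com/capibar 200",
]

if __name__ == "__main__":
    for ts, client, url in scan_proxy_log(DEMO_LOG):
        print(ts, client, url)
```

Point `is_sample` at the bytes of any file you want to compare with the submitted 688KB target; for proxy logs in a different layout, only the `LOG_LINE` pattern needs to change, the URL test stays the same.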
