mixsix_20211025-105758

General

Target: mixsix_20211025-105758
Size: 688KB
Sample: 211025-kz9fsaghal
Score: 10/10
MD5: b5e4ae827306f85ad1c9c9a220591b10
SHA1: 8e97b7071348aedc2325512e23a3a7bfaacc1c78
SHA256: 674822cd6f31947ba8042b6309927c9f34aed7450cd89e18d037ceffb5a911d5
SHA512: 4a4483cf5698bb900a037a6b7c3d7f9a0f7122eecaae3e99fdfbe312973fa64e19ef24338b4784152476920ce1aad00fd4c733cb38b10f2f85df95f0865f7756

Malware Config

Extracted

Family: raccoon
Botnet: 7c9b4504a63ed23664e38808e65948379b790395
Attributes:
  url4cnc:
    http://telegka.top/capibar
    http://telegin.top/capibar
    https://t.me/capibar
  rc4.plain
  rc4.plain
Signatures

  • Raccoon
    Description: Simple but powerful infostealer which was very active in 2019.

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns (no techniques mapped in this report): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation