mixsix_20211025-141659

General
Target

mixsix_20211025-141659

Size

578KB

Sample

211025-pg7lpagbb9

Score

10/10

MD5

2ad24cd92cd513a490e1b32957995f51

SHA1

e5a935dbb57c0f481c80d77769cbc37949daf6ce

SHA256

a1fff68c477fb80ab1506bfb8ce84533021cda6353d20bd0e524cc8ff5772376

SHA512

9b37de332a4c149e5f332f710038f5b78bcd6be6fba631867f250fb5d519d99e3e3b6d2bfd63f72ec763d045b37e59df1befa009adfe5d2c2979a85309d1e0d5

Malware Config

Extracted

Family raccoon
Botnet 7c9b4504a63ed23664e38808e65948379b790395
Attributes
url4cnc
http://telegka.top/capibar
http://telegin.top/capibar
https://t.me/capibar
rc4.plain
rc4.plain
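The url4cnc attribute above is Raccoon's Telegram dead drop: instead of embedding a C2 address, the bot fetches one of the listed channel URLs, pulls an encrypted blob out of the channel description and decrypts it with a key embedded in the binary (the rc4.plain attributes, whose values this page does not show) to recover the live gate URL. The Python below is an added example, not code from the sample or from the sandbox's config extractor. It reconstructs that resolver pattern against a constructed channel page and also derives the dead-drop hostnames a defender would put on an egress watchlist. The RC4 key, the blob markers, the hex encoding of the blob and the C2 URL are all invented for illustration; real builds use their own key, markers and encoding.

```python
import re
from typing import Optional, Set
from urllib.parse import urlparse

# The three url4cnc entries from the extracted config above.
URL4CNC = [
    "http://telegka.top/capibar",
    "http://telegin.top/capibar",
    "https://t.me/capibar",
]

# ASSUMPTION: hypothetical key standing in for the report's rc4.plain values,
# which the page does not print.
RC4_KEY = b"example-rc4-key"

# ASSUMPTION: hypothetical markers around the encrypted blob in the channel
# description; real Raccoon builds use their own delimiters.
MARK_START = "[["
MARK_END = "]]"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # pseudo-random generation, XORed with the data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def build_dead_drop_page(c2_url: str, key: bytes) -> str:
    """CONSTRUCTED fixture: a minimal Telegram-like channel page whose og:description
    carries the RC4-encrypted, hex-encoded C2 URL between the markers (hex is assumed)."""
    blob = rc4(key, c2_url.encode("utf-8")).hex()
    return (
        "<html><head>"
        f'<meta property="og:description" content="Channel. {MARK_START}{blob}{MARK_END}">'
        "</head><body></body></html>"
    )


def resolve_c2(page_html: str, key: bytes) -> Optional[str]:
    """What the bot does after fetching a url4cnc page: locate the blob, decrypt it
    with the embedded key and accept the result only if it parses as an http(s) URL.
    A wrong key or a tampered blob yields garbage, which is rejected rather than used."""
    pattern = re.escape(MARK_START) + r"([0-9a-fA-F]+)" + re.escape(MARK_END)
    m = re.search(pattern, page_html)
    if not m:
        return None
    try:
        plain = rc4(key, bytes.fromhex(m.group(1))).decode("utf-8")
        parsed = urlparse(plain)
    except (ValueError, UnicodeDecodeError):
        return None
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        return None
    return plain


def dead_drop_hosts(urls) -> Set[str]:
    """Defender side: the hostnames contacted during C2 lookup, for egress watchlists."""
    return {urlparse(u).netloc for u in urls}


if __name__ == "__main__":
    # "c2.example" is a reserved example name, not a real gate.
    page = build_dead_drop_page("http://c2.example/gate/log.php", RC4_KEY)
    print("resolved C2:", resolve_c2(page, RC4_KEY))
    print("with wrong key:", resolve_c2(page, b"wrong-key"))
    print("dead-drop hosts:", sorted(dead_drop_hosts(URL4CNC)))
```

The hostname set is what you would alert on at the proxy: traffic to telegka.top or telegin.top from an endpoint that has no business reaching them is a better signal than the t.me lookup, which legitimate Telegram clients also produce.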
Targets
Target

mixsix_20211025-141659

MD5

2ad24cd92cd513a490e1b32957995f51

Filesize

578KB

Score

10/10

SHA1

e5a935dbb57c0f481c80d77769cbc37949daf6ce

SHA256

a1fff68c477fb80ab1506bfb8ce84533021cda6353d20bd0e524cc8ff5772376

SHA512

9b37de332a4c149e5f332f710038f5b78bcd6be6fba631867f250fb5d519d99e3e3b6d2bfd63f72ec763d045b37e59df1befa009adfe5d2c2979a85309d1e0d5

Signatures

  • Raccoon

    Description

    Raccoon is a simple but effective infostealer, harvesting browser credentials, cookies, cryptocurrency wallets and system data, which was very active in 2019.

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns (no techniques are mapped in this report):

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation