mixsix_20211026-230331

General

Target: mixsix_20211026-230331
Size: 649KB
Sample: 211026-zxbt3aaahr
Score: 10/10
MD5: 0f2c6fea427d273ea705cb397229ea1c
SHA1: f8a7502b1773dcc92b62cae9fc52fbf2c48cddd0
SHA256: ce446701e5909550dcea95e229a76de9dab64b8f1642daa4f92c11a8bcd10771
SHA512: 605d6ee544ac3dc103e7effc687494e49bfd831fbef9b1df77c9f5ce58e9f699991c5f83a9ab490593adbf15f0f1d38bb675b9e56b62863f3b1a310eb960a14c

Malware Config

Extracted

Family: raccoon
Botnet: 7c9b4504a63ed23664e38808e65948379b790395
Attributes:
  url4cnc:
    http://telegka.top/capibar
    http://telegin.top/capibar
    https://t.me/capibar
  rc4.plain
Signatures

  • Raccoon

    Description

    Simple but powerful infostealer which was very active in 2019.

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Suspicious use of SetThreadContext
