Overview

overview

10

Static

static

19b6dc4c59...55.exe

windows7_x64

10

19b6dc4c59...55.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    19b6dc4c5931d11f530ab82024bc8255.exe

  • Size

    505KB

  • Sample

    211027-l7yjxsbfd2

  • MD5

    19b6dc4c5931d11f530ab82024bc8255

  • SHA1

    82c7a55fe11c7f21b9985ccfc214a334247c60a3

  • SHA256

    1f172de29d48773e9de63f15a079b0516c0dce6dfc9e998e3d5927cb2c8cecc5

  • SHA512

    0ebf64ed6cf18792872a018ef475e6a5e0de06fd9e20466134777205b6221a541e3258e3db8dc66814de88af30b8798473a794a16b041bbbcbee0015b90239bf

Score
10/10
raccoon60e59be328fbd2ebac1839ea99411dccb00a6f49stealer

Malware Config

Extracted

Family

raccoon

Botnet

60e59be328fbd2ebac1839ea99411dccb00a6f49

Attributes
  • url4cnc

    http://telegin.top/agrybirdsgamerept

    http://ttmirror.top/agrybirdsgamerept

    http://teletele.top/agrybirdsgamerept

    http://telegalive.top/agrybirdsgamerept

    http://toptelete.top/agrybirdsgamerept

    http://telegraf.top/agrybirdsgamerept

    https://t.me/agrybirdsgamerept

rc4.plain
rc4.plain

Targets

    • Target

      19b6dc4c5931d11f530ab82024bc8255.exe

    • Size

      505KB

    • MD5

      19b6dc4c5931d11f530ab82024bc8255

    • SHA1

      82c7a55fe11c7f21b9985ccfc214a334247c60a3

    • SHA256

      1f172de29d48773e9de63f15a079b0516c0dce6dfc9e998e3d5927cb2c8cecc5

    • SHA512

      0ebf64ed6cf18792872a018ef475e6a5e0de06fd9e20466134777205b6221a541e3258e3db8dc66814de88af30b8798473a794a16b041bbbcbee0015b90239bf

    Score
    10/10
    raccoon60e59be328fbd2ebac1839ea99411dccb00a6f49stealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks