mixsix_20211029-001408

General

Target: mixsix_20211029-001408
Size: 648KB
Sample: 211028-16ykvshaek
Score: 10/10
MD5: fca8bb3b8d137449cba1fbf406e0d1eb
SHA1: 8b2a7d56695e4aea122e37b3a5a371a16cfa5c2d
SHA256: 249153197eafedc3426d55f6a12fbe041acb4527bc8c31f007ea1798d30df7b9
SHA512: 71c04d60d49ce9ed3314752171b6b9ca102cf80dc113b9af56a2be2b6fd790b83a890b95319ec701444a0b41fb644299d0e5b4a84f86c7cb37411eb95e20eb90

Malware Config

Extracted

Family: raccoon
Botnet: 7c9b4504a63ed23664e38808e65948379b790395
Attributes
  url4cnc:
    http://telegka.top/capibar
    http://telegin.top/capibar
    https://t.me/capibar
  rc4.plain
  rc4.plain
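The extracted config above is the actionable part of this report: the url4cnc values are the network indicators a defender would hunt for. Two of them are dedicated domains, but the third lives on t.me, a shared legitimate service, so matching on host alone would flag every Telegram user. The following added example (written for this page, not part of the sandbox's own tooling) parses the flattened config block as it appears here, splits the indicators into host-only and host+path matches, and runs them over a few constructed proxy log lines; the log format and the SHARED_HOSTS list are assumptions, and the page does not say how the sample itself uses the url4cnc URLs.

```python
from urllib.parse import urlparse

# The "Malware Config / Extracted" block, copied verbatim from this report.
RACCOON_CONFIG = """\
Family raccoon
Botnet 7c9b4504a63ed23664e38808e65948379b790395
Attributes
url4cnc
http://telegka.top/capibar
http://telegin.top/capibar
https://t.me/capibar
rc4.plain
rc4.plain
"""

# Hosts that are legitimate shared services: never block or alert on the
# host by itself, only on the exact host+path the config names. (Assumption.)
SHARED_HOSTS = {"t.me"}

# Constructed proxy log lines in a squid-like "timestamp client method url status"
# layout (assumed format, not from this page).
SAMPLE_LOG = [
    "2021-10-29T00:14:08Z 10.0.0.12 GET http://telegka.top/capibar 200",
    "2021-10-29T00:14:09Z 10.0.0.12 GET https://t.me/capibar 200",
    "2021-10-29T00:15:00Z 10.0.0.33 GET https://t.me/durov 200",
    "2021-10-29T00:15:30Z 10.0.0.45 GET https://www.example.com/ 200",
]


def parse_config(text):
    """Parse the flattened extracted-config block into a dict.

    'Family'/'Botnet' lines carry their value inline; any other non-URL line
    after 'Attributes' is an attribute name, and the URL lines that follow it
    are that attribute's values (so rc4.plain ends up with no values here,
    exactly as on the page).
    """
    cfg = {"attributes": {}}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(("http://", "https://")):
            if current is not None:
                cfg["attributes"].setdefault(current, []).append(line)
            continue
        if line.startswith("Family "):
            cfg["family"] = line.split(" ", 1)[1]
        elif line.startswith("Botnet "):
            cfg["botnet"] = line.split(" ", 1)[1]
        elif line == "Attributes":
            continue
        else:
            current = line
            cfg["attributes"].setdefault(current, [])
    return cfg


def build_indicators(cfg):
    """Split url4cnc into (dedicated_hosts, exact_host_path_pairs).

    Dedicated hosts are safe to match on host alone; shared hosts are only
    matched on the exact (host, path) pair from the config.
    """
    dedicated, exact = set(), set()
    for url in cfg["attributes"].get("url4cnc", []):
        u = urlparse(url)
        host = (u.hostname or "").lower()
        exact.add((host, u.path))
        if host not in SHARED_HOSTS:
            dedicated.add(host)
    return dedicated, exact


def match_proxy_log(lines, dedicated, exact):
    """Return [(line_no, reason)] for log lines that hit an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line, skip rather than crash the sweep
        u = urlparse(parts[3])
        host = (u.hostname or "").lower()
        if host in dedicated:
            hits.append((n, f"dedicated C2 host {host}"))
        elif (host, u.path) in exact:
            hits.append((n, f"C2 path on shared host {host}{u.path}"))
    return hits


if __name__ == "__main__":
    cfg = parse_config(RACCOON_CONFIG)
    dedicated, exact = build_indicators(cfg)
    for line_no, reason in match_proxy_log(SAMPLE_LOG, dedicated, exact):
        print(f"line {line_no}: {reason}")
```

Run as-is it reports lines 1 and 2 only: the t.me/durov request on line 3 is not flagged because t.me is treated as shared and the path does not match, which is the behaviour you want before pushing these indicators to a proxy or DNS blocklist.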
Targets

Target: mixsix_20211029-001408 (648KB, score 10/10; MD5, SHA1, SHA256 and SHA512 as listed under General)

Tags

Signatures

  • Raccoon

    Description

    Simple but powerful infostealer that was very active in 2019.

    Tags

  • Suspicious use of NtCreateProcessExOtherParentProcess (a process created with a parent other than the caller, the primitive behind parent-PID spoofing)

  • Suspicious use of SetThreadContext (rewriting another thread's register context, the primitive behind process hollowing and thread hijacking)

Related Tasks

MITRE ATT&CK Matrix

Tactic columns (no techniques listed): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation