Behavioral Report

General

Target

mixsix_20211029-001408.exe
Size

648KB
MD5

fca8bb3b8d137449cba1fbf406e0d1eb
SHA1

8b2a7d56695e4aea122e37b3a5a371a16cfa5c2d
SHA256

249153197eafedc3426d55f6a12fbe041acb4527bc8c31f007ea1798d30df7b9
SHA512

71c04d60d49ce9ed3314752171b6b9ca102cf80dc113b9af56a2be2b6fd790b83a890b95319ec701444a0b41fb644299d0e5b4a84f86c7cb37411eb95e20eb90

Score

10^/10

Family

raccoon

Botnet

7c9b4504a63ed23664e38808e65948379b790395

Attributes

url4cnc
http://telegka.top/capibar
http://telegin.top/capibar
https://t.me/capibar

rc4.plain

Raccoon
Simple but powerful infostealer which was very active in 2019.
stealer raccoon
Suspicious use of SetThreadContext 1 IoCs

Processes:

mixsix_20211029-001408.exe

description pid process target process

PID 1260 set thread context of 572 1260 mixsix_20211029-001408.exe mixsix_20211029-001408.exe

description	pid	process	target process
PID 1260 set thread context of 572	1260	mixsix_20211029-001408.exe	mixsix_20211029-001408.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

mixsix_20211029-001408.exe

description	pid	process	target process
PID 1260 wrote to memory of 572	1260	mixsix_20211029-001408.exe	mixsix_20211029-001408.exe
PID 1260 wrote to memory of 572	1260	mixsix_20211029-001408.exe	mixsix_20211029-001408.exe
PID 1260 wrote to memory of 572	1260	mixsix_20211029-001408.exe	mixsix_20211029-001408.exe
PID 1260 wrote to memory of 572	1260	mixsix_20211029-001408.exe	mixsix_20211029-001408.exe
PID 1260 wrote to memory of 572	1260	mixsix_20211029-001408.exe	mixsix_20211029-001408.exe
PID 1260 wrote to memory of 572	1260	mixsix_20211029-001408.exe	mixsix_20211029-001408.exe
PID 1260 wrote to memory of 572	1260	mixsix_20211029-001408.exe	mixsix_20211029-001408.exe
PID 1260 wrote to memory of 572	1260	mixsix_20211029-001408.exe	mixsix_20211029-001408.exe
PID 1260 wrote to memory of 572	1260	mixsix_20211029-001408.exe	mixsix_20211029-001408.exe
PID 1260 wrote to memory of 572	1260	mixsix_20211029-001408.exe	mixsix_20211029-001408.exe

C:\Users\Admin\AppData\Local\Temp\mixsix_20211029-001408.exe
"C:\Users\Admin\AppData\Local\Temp\mixsix_20211029-001408.exe"
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1260

C:\Users\Admin\AppData\Local\Temp\mixsix_20211029-001408.exe
"C:\Users\Admin\AppData\Local\Temp\mixsix_20211029-001408.exe"
PID:572

00:00 00:00

memory/572-61-0x0000000000400000-0x0000000002DE8000-memory.dmp

Filesize
41MB

Download
memory/572-66-0x0000000000400000-0x0000000002DE8000-memory.dmp

Filesize
41MB

Download
memory/572-65-0x0000000000310000-0x000000000039E000-memory.dmp

Filesize
568KB

Download
memory/572-64-0x0000000075871000-0x0000000075873000-memory.dmp

Filesize
8KB

Download
memory/572-59-0x0000000000457320-mapping.dmp

Download
memory/572-58-0x0000000000400000-0x0000000002DE8000-memory.dmp

Filesize
41MB

Download
memory/572-63-0x0000000000400000-0x0000000002DE8000-memory.dmp

Filesize
41MB

Download
memory/572-62-0x0000000002EE8000-0x0000000002F37000-memory.dmp

Filesize
316KB

Download
memory/1260-57-0x0000000003194000-0x00000000031FD000-memory.dmp

Filesize
420KB

Download
memory/1260-60-0x0000000002F70000-0x0000000003003000-memory.dmp

Filesize
588KB

Download
memory/1260-54-0x0000000000220000-0x000000000029C000-memory.dmp

Filesize
496KB

Download
memory/1260-56-0x0000000000400000-0x0000000002F68000-memory.dmp

Filesize
43MB

Download
memory/1260-55-0x00000000002A0000-0x0000000000332000-memory.dmp

Filesize
584KB

Download