General

  • Target

    3b62e9c30b398554f476147d4386f2c6

  • Size

    591KB

  • Sample

    211029-3medzsahgk

  • MD5

    3b62e9c30b398554f476147d4386f2c6

  • SHA1

    7d45a88064af2c0f161bc682eba5244168ee1554

  • SHA256

    f7066f5159f83c1266329e7e8bf27abe5fa6f481da98e3b31c3f8e3cc1af7f06

  • SHA512

    a689b6669291240ec859eac2eb9f71796b00a24eef93e823d51211fd375c77fe3eae147e97671281d73152dfdf0d3ae0a79b399ed8a691436ee8229c3b463c14

Malware Config

Extracted

Family

raccoon

Botnet

b176c5fe76fc027de7ad67f52792266419904252

Attributes
  • url4cnc

    http://telegalive.top/hoverpattern31

    http://toptelete.top/hoverpattern31

    http://telegraf.top/hoverpattern31

    https://t.me/hoverpattern31

  • rc4.plain
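The four url4cnc entries above share one path (hoverpattern31): a single Telegram channel reached through t.me and three mirror domains. A config extractor for this family recovers such values by RC4-decrypting strings with a key recovered from the sample, which is presumably what the rc4.plain attribute (value not shown on this page) is the slot for. The following is an added example written for this page, not the sandbox's extractor and not code from the malware: it implements plain RC4, decrypts a constructed base64-wrapped blob with a constructed demo key (the real key and ciphertext are not on this page), and derives blocklist hostnames and the shared channel name from the url4cnc list.

```python
"""Added example: RC4 config decryption plus IOC derivation for the url4cnc list.
The key, plaintext and blob below are constructed for the demo; they are NOT the
sample's real values, which this report does not disclose."""
import base64
from typing import List, Optional
from urllib.parse import urlparse


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encrypt and decrypt are the same operation."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


# Constructed demo key and base64(RC4(plaintext)) blob (assumption: not from the sample).
DEMO_KEY = b"example-rc4-key"
DEMO_PLAINTEXT = "http://example.invalid/gate/"
DEMO_BLOB = base64.b64encode(rc4(DEMO_KEY, DEMO_PLAINTEXT.encode())).decode()


def decrypt_c2(blob_b64: str, key: bytes) -> Optional[str]:
    """Base64-decode, RC4-decrypt, and accept the result only if it looks like a URL.

    A wrong key yields random bytes, which fail the ASCII/URL check, so the
    caller gets None instead of garbage it might add to a blocklist."""
    try:
        plaintext = rc4(key, base64.b64decode(blob_b64, validate=True))
        text = plaintext.decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.startswith(("http://", "https://")) else None


# The url4cnc values exactly as listed in this report.
URL4CNC: List[str] = [
    "http://telegalive.top/hoverpattern31",
    "http://toptelete.top/hoverpattern31",
    "http://telegraf.top/hoverpattern31",
    "https://t.me/hoverpattern31",
]


def c2_hosts(urls: List[str]) -> List[str]:
    """Distinct hostnames from the url4cnc list, e.g. for DNS/proxy blocklists."""
    return sorted({urlparse(u).hostname for u in urls})


def telegram_channel(urls: List[str]) -> Optional[str]:
    """The channel name all mirrors point at, or None if the paths disagree."""
    paths = {urlparse(u).path.strip("/") for u in urls}
    return paths.pop() if len(paths) == 1 else None


if __name__ == "__main__":
    print("decrypted:", decrypt_c2(DEMO_BLOB, DEMO_KEY))
    print("hosts:", c2_hosts(URL4CNC))
    print("channel:", telegram_channel(URL4CNC))
```

Note that t.me itself should not go on a blocklist blindly; the three .top mirror domains are the actionable indicators, while the channel name is what ties them together in a hunt.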

Targets

    • Target

      3b62e9c30b398554f476147d4386f2c6

    • Size

      591KB

    • MD5

      3b62e9c30b398554f476147d4386f2c6

    • SHA1

      7d45a88064af2c0f161bc682eba5244168ee1554

    • SHA256

      f7066f5159f83c1266329e7e8bf27abe5fa6f481da98e3b31c3f8e3cc1af7f06

    • SHA512

      a689b6669291240ec859eac2eb9f71796b00a24eef93e823d51211fd375c77fe3eae147e97671281d73152dfdf0d3ae0a79b399ed8a691436ee8229c3b463c14

    • Raccoon

      Simple but powerful information stealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Matrix

Tasks