54d61c8728f2b5872675212017a5e0e7

General

Target: 54d61c8728f2b5872675212017a5e0e7
Size: 582KB
Sample: 211030-ayqxyababn
Score: 10/10
MD5: 54d61c8728f2b5872675212017a5e0e7
SHA1: ea3fe4632335c7fe5c883a64007ba1f3180d8999
SHA256: 678acb0210b49178697f000aa87619018626bb64ed483690bb266d942e0f5c1e
SHA512: af22e75a31b3309dee47e6833125194d52bc7b1249c9709324a5eb3da6d9b5cf6c03a33c2394d948a97e5aabf8964c489efb0ce4cf44664be5ee54501587db7a

Malware Config

Extracted

Family: raccoon
Botnet: 7c9b4504a63ed23664e38808e65948379b790395
Attributes:
  url4cnc:
    http://telegka.top/capibar
    http://telegin.top/capibar
    https://t.me/capibar
  rc4.plain

Signatures

  • Raccoon

    Description

    Simple but powerful infostealer which was very active in 2019.

  • Suspicious use of NtCreateProcessExOtherParentProcess
