General

  • Target

    4a0129093fc5f3fb58bfebae5d9ea7fe99e2871ead13f12612606e9e2aed261d

  • Size

    440KB

  • Sample

    211101-jhn8vaeaap

  • MD5

    4eb5d05f73f6edc4673409b03ee325cf

  • SHA1

    f210931bedf25533129b87eee16573e618887d80

  • SHA256

    4a0129093fc5f3fb58bfebae5d9ea7fe99e2871ead13f12612606e9e2aed261d

  • SHA512

    c3370f853e23527bd22dae9ce6cf39d023d4a9c9b17b23a5cdb717e085f5c3b7160e0756674bf0519cd6717b81e68911e9896488b0c342007e114047b46fd231

Malware Config

Extracted

Family

raccoon

Botnet

a8df9e1d3d24b04502963590a8ed392d88ab1b96

Attributes
  • url4cnc

    http://telegin.top/opticillusionlusy

    http://ttmirror.top/opticillusionlusy

    http://teletele.top/opticillusionlusy

    http://telegalive.top/opticillusionlusy

    http://toptelete.top/opticillusionlusy

    http://telegraf.top/opticillusionlusy

    https://t.me/opticillusionlusy

  • rc4.plain
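The url4cnc attribute above is the sample's C2 discovery list: one real Telegram URL (t.me) plus several look-alike "mirror" domains, all pointing at the same channel handle, opticillusionlusy. The script below is an added example and not part of the sandbox report or of any vendor tooling. It turns that list into network indicators (mirror domains and the channel handle) and scans a few constructed proxy log lines for them; the log format, host names other than the extracted ones, and client addresses are assumptions made up for the example.

```python
# Added example: derive network indicators from a Raccoon url4cnc list and
# hunt for them in proxy logs. Not part of the original report.
import re
from urllib.parse import urlparse

# Values copied from the extracted config above.
URL4CNC = [
    "http://telegin.top/opticillusionlusy",
    "http://ttmirror.top/opticillusionlusy",
    "http://teletele.top/opticillusionlusy",
    "http://telegalive.top/opticillusionlusy",
    "http://toptelete.top/opticillusionlusy",
    "http://telegraf.top/opticillusionlusy",
    "https://t.me/opticillusionlusy",
]


def extract_indicators(urls):
    """Return (sorted domains, sorted channel handles) from url4cnc values."""
    domains, handles = set(), set()
    for u in urls:
        p = urlparse(u)
        if p.hostname:
            domains.add(p.hostname.lower())
        # First path component is the Telegram channel handle.
        handle = p.path.strip("/").split("/")[0]
        if handle:
            handles.add(handle)
    return sorted(domains), sorted(handles)


def mirror_domains(domains):
    """Everything except the genuine t.me host is a Telegram mirror the stealer uses."""
    return [d for d in domains if d != "t.me"]


# Constructed sample log lines (not taken from the report):
# "<timestamp> <client> <method> <host> <path>"
SAMPLE_LOGS = """\
2021-11-01T10:02:11Z 10.0.0.12 GET ttmirror.top /opticillusionlusy
2021-11-01T10:02:30Z 10.0.0.12 GET cdn.example.com /lib.js
2021-11-01T10:03:01Z 10.0.0.44 GET t.me /s/opticillusionlusy
2021-11-01T10:05:17Z 10.0.0.19 GET telegram.org /
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


def scan_logs(log_text, domains, handles):
    """Flag requests to a mirror domain, or to any host whose path carries the channel handle.

    Plain t.me traffic is not flagged on host alone, since the host is legitimate;
    only the specific channel handle in the path is an indicator.
    """
    hits = []
    mirrors = set(mirror_domains(domains))
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, client, method, host, path = m.groups()
        host = host.lower()
        reason = None
        if host in mirrors:
            reason = "mirror-domain"
        elif any(h in path for h in handles):
            reason = "channel-handle"
        if reason:
            hits.append({"ts": ts, "client": client, "host": host,
                         "path": path, "reason": reason})
    return hits


if __name__ == "__main__":
    doms, hnds = extract_indicators(URL4CNC)
    print("mirror domains:", mirror_domains(doms))
    print("channel handles:", hnds)
    for hit in scan_logs(SAMPLE_LOGS, doms, hnds):
        print(hit)
```

Blocking the mirror domains outright is low-risk; for t.me, alert on the channel handle in the request path rather than on the host, because the host itself is widely used legitimately.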

Targets

    • Target

      4a0129093fc5f3fb58bfebae5d9ea7fe99e2871ead13f12612606e9e2aed261d

    • Size

      440KB

    • MD5

      4eb5d05f73f6edc4673409b03ee325cf

    • SHA1

      f210931bedf25533129b87eee16573e618887d80

    • SHA256

      4a0129093fc5f3fb58bfebae5d9ea7fe99e2871ead13f12612606e9e2aed261d

    • SHA512

      c3370f853e23527bd22dae9ce6cf39d023d4a9c9b17b23a5cdb717e085f5c3b7160e0756674bf0519cd6717b81e68911e9896488b0c342007e114047b46fd231

    • Raccoon

      Simple but powerful infostealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess
