General

  • Target

    f43ac01f55aaa2bee8774e6fffc1743e94d9194a99427119899df6a905f2d528

  • Size

    425KB

  • Sample

    211102-sx4rhshcan

  • MD5

    f732af1f1088ffc33e807c2fa7317512

  • SHA1

    8c91e59ebe7ea96a956ed13b6306f1efbb3a09d3

  • SHA256

    f43ac01f55aaa2bee8774e6fffc1743e94d9194a99427119899df6a905f2d528

  • SHA512

    1135c0d552c8fab6323082718ac77ebe19a39d2cc9c66275fd6f233941d6612ee8b7e797bd1ae991287fc2c7379e66fbb43f71e91de0acdb5eaffb978223b181

Malware Config

Extracted

Family

raccoon

Botnet

68e2d75238f7c69859792d206401b6bde2b2515c

Attributes
  • url4cnc

    http://telegalive.top/agrybirdsgamerept

    http://toptelete.top/agrybirdsgamerept

    http://telegraf.top/agrybirdsgamerept

    https://t.me/agrybirdsgamerept

rc4.plain

Targets

    • Raccoon

      Simple but powerful infostealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Matrix

Tasks