General

  • Target

    64b53fbb83eefeb66811ec0f53e02a09df70226140acd4f0fe86aa46c510a3c6

  • Size

    425KB

  • Sample

    211102-vtpjjahdem

  • MD5

    26bca66fe00730337cbc5a32a87ecaf6

  • SHA1

    e6bb2fdeb1ccd058a2318fe8d58f946ed7f24643

  • SHA256

    64b53fbb83eefeb66811ec0f53e02a09df70226140acd4f0fe86aa46c510a3c6

  • SHA512

    7a5b45c7cbe037f0bf4b7cb4eef9239766e400a951a94a670ee930cc46ae78fabfd3cbdbc0732e4c24b47f0e2ce76b0b2d12cc53ca34947cba04c1d989fbe442

Malware Config

Extracted

Family

raccoon

Botnet

68e2d75238f7c69859792d206401b6bde2b2515c

Attributes

  • url4cnc

    http://telegalive.top/agrybirdsgamerept

    http://toptelete.top/agrybirdsgamerept

    http://telegraf.top/agrybirdsgamerept

    https://t.me/agrybirdsgamerept

rc4.plain

Targets

    • Raccoon

      Simple but powerful infostealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Matrix

Tasks