General

  • Target

    00cb822c3ec6fc20f003e1608f7bdbf9bece34f1d1bf7ba177319735b18db6f8

  • Size

    425KB

  • Sample

    211102-xd3gkaheck

  • MD5

    9101aa923615f348ebea7446a39040fa

  • SHA1

    50ed01c5777956277de7fce8687758b7a574a97d

  • SHA256

    00cb822c3ec6fc20f003e1608f7bdbf9bece34f1d1bf7ba177319735b18db6f8

  • SHA512

    425a845ec3a3319584d3bb91e31cbdd0c578cbb373ec6915c4c932948ea3b8145999618fee400a99cb068c248b01c39ca0f09ef652c19802962ca418a1c715d0

Malware Config

Extracted

Family

raccoon

Botnet

68e2d75238f7c69859792d206401b6bde2b2515c

Attributes

  • url4cnc

    http://telegalive.top/agrybirdsgamerept

    http://toptelete.top/agrybirdsgamerept

    http://telegraf.top/agrybirdsgamerept

    https://t.me/agrybirdsgamerept

  • rc4.plain

Targets

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Matrix

Tasks