General

  • Target

    5afd6068593d31f3c251ead0cfc491e2e898908ad575b7b7a9f104ac85b95233

  • Size

    423KB

  • Sample

    211102-z18yzahgfj

  • MD5

    0e7a1077ccf1572824b976b73d4fa3d7

  • SHA1

    134522a83af9d67675cf74bcf588f226111b8351

  • SHA256

    5afd6068593d31f3c251ead0cfc491e2e898908ad575b7b7a9f104ac85b95233

  • SHA512

    a635a8aa3b2bc8a9ad01610c8c1d28c147b8a894f8e16cbffe8062d480f087d306e594361130b4c1a4c5e760317cc1163a54380323736b6be0d51a6ee2d273fe

Malware Config

Extracted

Family

raccoon

Botnet

68e2d75238f7c69859792d206401b6bde2b2515c

Attributes
  • url4cnc

    http://telegalive.top/agrybirdsgamerept

    http://toptelete.top/agrybirdsgamerept

    http://telegraf.top/agrybirdsgamerept

    https://t.me/agrybirdsgamerept

  • rc4.plain
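The url4cnc values above are the only network indicators this report exposes, so the first thing a responder wants is a matcher for them. One caveat matters: three of the four hosts are dedicated domains, but t.me is Telegram's shared link service, so a hit on that host alone says nothing; only host plus channel path (/agrybirdsgamerept) is a Raccoon indicator. The following is an added example, not code from the sandbox report or from the Raccoon sample: it builds host and host+path IOCs from the config and scans constructed proxy log lines. The log format, the SHARED_HOSTS set and the sample lines are assumptions made for the example.

```python
"""Turn the url4cnc values from this report into IOC matchers and run them
over constructed proxy log lines.  Example code added to this page; it is
not part of the sandbox report or of the Raccoon sample it describes."""
from urllib.parse import urlparse

# url4cnc values exactly as extracted on this page.
URL4CNC = [
    "http://telegalive.top/agrybirdsgamerept",
    "http://toptelete.top/agrybirdsgamerept",
    "http://telegraf.top/agrybirdsgamerept",
    "https://t.me/agrybirdsgamerept",
]

# Shared, legitimate services: a hit on the host alone is not evidence of
# Raccoon, only host+path is.  (Assumption: t.me is the only such host here.)
SHARED_HOSTS = {"t.me"}


def build_iocs(urls):
    """Split the config URLs into bare-host IOCs and host+path IOCs."""
    hosts, host_paths = set(), set()
    for u in urls:
        p = urlparse(u)
        host = p.hostname.lower()
        host_paths.add((host, p.path))
        if host not in SHARED_HOSTS:
            hosts.add(host)
    return {"hosts": hosts, "host_paths": host_paths}


def classify(url, iocs):
    """'c2' for a host+path match, 'domain' for a match on a dedicated
    C2-resolution domain only, None otherwise.  The scheme is ignored on
    purpose: the config lists http://, but the same path over https is
    still the same indicator."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    if (host, p.path) in iocs["host_paths"]:
        return "c2"
    if host in iocs["hosts"]:
        return "domain"
    return None


def scan_log(lines, iocs):
    """Scan lines in an assumed proxy log format:
    '<timestamp> <client_ip> <method> <url> <status>'.
    Returns (client_ip, url, verdict) for every matching line."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line, skip rather than guess
        verdict = classify(parts[3], iocs)
        if verdict:
            hits.append((parts[1], parts[3], verdict))
    return hits


# Constructed sample log lines; they are not from the sandbox run.
SAMPLE_LOG = [
    "2021-11-02T10:01:03Z 10.0.0.17 GET http://telegalive.top/agrybirdsgamerept 200",
    "2021-11-02T10:01:04Z 10.0.0.17 GET https://t.me/agrybirdsgamerept 200",
    "2021-11-02T10:02:10Z 10.0.0.23 GET https://t.me/durov 200",
    "2021-11-02T10:02:11Z 10.0.0.23 GET https://telegraf.top/ 404",
    "2021-11-02T10:03:00Z 10.0.0.31 GET https://example.org/index.html 200",
]

if __name__ == "__main__":
    for ip, url, verdict in scan_log(SAMPLE_LOG, build_iocs(URL4CNC)):
        print(f"{verdict:6} {ip} {url}")
```

On the constructed log the scan flags the two full matches from 10.0.0.17 as c2, the bare telegraf.top request from 10.0.0.23 as a domain hit worth a look, and leaves the unrelated t.me channel alone. The bare-domain verdict is deliberately weaker: a request to one of these .top hosts without the channel path may still be the stealer (for example a different build of the same campaign), but it is a lead, not a confirmed infection.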

Targets

    • Target

      5afd6068593d31f3c251ead0cfc491e2e898908ad575b7b7a9f104ac85b95233

    • Size

      423KB

    • MD5

      0e7a1077ccf1572824b976b73d4fa3d7

    • SHA1

      134522a83af9d67675cf74bcf588f226111b8351

    • SHA256

      5afd6068593d31f3c251ead0cfc491e2e898908ad575b7b7a9f104ac85b95233

    • SHA512

      a635a8aa3b2bc8a9ad01610c8c1d28c147b8a894f8e16cbffe8062d480f087d306e594361130b4c1a4c5e760317cc1163a54380323736b6be0d51a6ee2d273fe

    • Raccoon

      Simple but powerful infostealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Matrix

Tasks