General

  • Target

    477e63469ad1367db01d265fda5bd96a341d45f2c9a420c05b61fa0adeca38f4

  • Size

    539KB

  • Sample

    211103-h5jq7saeaq

  • MD5

    58a10e67c5c353e9e854c0ac2d2a4f7b

  • SHA1

    346d310df717a910d5a4d1b4b712496abe7c5bdb

  • SHA256

    477e63469ad1367db01d265fda5bd96a341d45f2c9a420c05b61fa0adeca38f4

  • SHA512

    96c78b250fb6feb7cb5899d491c04fea7a7947d841f7733706c2049aeb3da442ef66b8b3f069d73cd64007ca6b19c859aa9596b16b2bd03ed147ba122b39d4f6

Malware Config

Extracted

Family

raccoon

Botnet

68e2d75238f7c69859792d206401b6bde2b2515c

Attributes

  • url4cnc

    http://telegalive.top/agrybirdsgamerept

    http://toptelete.top/agrybirdsgamerept

    http://telegraf.top/agrybirdsgamerept

    https://t.me/agrybirdsgamerept

rc4.plain

Targets

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Matrix

Tasks