Overview

overview

10

Static

static

ddab526043...c3.exe

windows7_x64

10

ddab526043...c3.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ddab526043e348eaf19ceb039bd7a0c3.exe

  • Size

    538KB

  • Sample

    211103-yxqgsaehc4

  • MD5

    ddab526043e348eaf19ceb039bd7a0c3

  • SHA1

    445b9b43148b7f8e96c5e9a1babb8f25e3cb6db9

  • SHA256

    62620fec283076b6d5ddc4c17802ae073538614321e5cd782d63d28c7de48f47

  • SHA512

    61af202db4e12e109df5f6164e49b72e75d65d80d36d081ffd405499950c9a34c04bfa45156d0401b5755baf08dac3d8069890eccac17cfbb67804b4cd028246

Score
10/10
raccoon68e2d75238f7c69859792d206401b6bde2b2515cstealer

Malware Config

Extracted

Family

raccoon

Botnet

68e2d75238f7c69859792d206401b6bde2b2515c

Attributes
  • url4cnc

    http://telegalive.top/agrybirdsgamerept

    http://toptelete.top/agrybirdsgamerept

    http://telegraf.top/agrybirdsgamerept

    https://t.me/agrybirdsgamerept

rc4.plain
rc4.plain

Targets

    • Target

      ddab526043e348eaf19ceb039bd7a0c3.exe

    • Size

      538KB

    • MD5

      ddab526043e348eaf19ceb039bd7a0c3

    • SHA1

      445b9b43148b7f8e96c5e9a1babb8f25e3cb6db9

    • SHA256

      62620fec283076b6d5ddc4c17802ae073538614321e5cd782d63d28c7de48f47

    • SHA512

      61af202db4e12e109df5f6164e49b72e75d65d80d36d081ffd405499950c9a34c04bfa45156d0401b5755baf08dac3d8069890eccac17cfbb67804b4cd028246

    Score
    10/10
    raccoon68e2d75238f7c69859792d206401b6bde2b2515cstealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks