General
-
Target
0e5cfe1ca7125eb738d2840d24237162786d250c14bda6f07ac6f83b8b919ee7
-
Size
419KB
-
Sample
211104-jjwpbagah5
-
MD5
f5ec4680bda4f5abc8d6bf9d9721fccb
-
SHA1
d68739f7375e2eec5fcf38bfa8352d32e94fa99e
-
SHA256
0e5cfe1ca7125eb738d2840d24237162786d250c14bda6f07ac6f83b8b919ee7
-
SHA512
946e49f4bfb283ee18fb1eb81d0e01089eef97087463a83592a2668c47b1517ae67fbd45fbabab7db234139fbc8831f28b2e8b9d55b9925960d37cd1116ed577
Malware Config
Extracted
raccoon
b3ed1d79826001317754d88a62db05820a1ecd19
-
url4cnc
http://teleliver.top/agrybirdsgamerept
http://livetelive.top/agrybirdsgamerept
http://teleger.top/agrybirdsgamerept
http://telestrong.top/agrybirdsgamerept
http://tgrampro.top/agrybirdsgamerept
http://teleghost.top/agrybirdsgamerept
http://teleroom.top/agrybirdsgamerept
http://telemir.top/agrybirdsgamerept
http://teletelo.top/agrybirdsgamerept
https://t.me/agrybirdsgamerept
Targets
-
-
Target
0e5cfe1ca7125eb738d2840d24237162786d250c14bda6f07ac6f83b8b919ee7
-
Size
419KB
-
MD5
f5ec4680bda4f5abc8d6bf9d9721fccb
-
SHA1
d68739f7375e2eec5fcf38bfa8352d32e94fa99e
-
SHA256
0e5cfe1ca7125eb738d2840d24237162786d250c14bda6f07ac6f83b8b919ee7
-
SHA512
946e49f4bfb283ee18fb1eb81d0e01089eef97087463a83592a2668c47b1517ae67fbd45fbabab7db234139fbc8831f28b2e8b9d55b9925960d37cd1116ed577
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Suspicious use of SetThreadContext
-