General

  • Target

    e69cef22b08659aa21819fe5568f546f9c00d8b29850aeb0cab442fb80cc8a34

  • Size

    418KB

  • Sample

    211104-kncmnsgbd2

  • MD5

    a9c3d1e84f863f833a33456b7a7b15f1

  • SHA1

    01266e0e793324386b50f938e546a0224f8a7db4

  • SHA256

    e69cef22b08659aa21819fe5568f546f9c00d8b29850aeb0cab442fb80cc8a34

  • SHA512

    3224b583355a39a8f3e3e786073228ec95c4cc69c6b67855223b16d0b8990012e0d3b8ee8b1c85c70de8bb89b6db216d03aa4789c2e60daf5ed04622846d8836

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    b3ed1d79826001317754d88a62db05820a1ecd19

Attributes
  • url4cnc


rc4.plain

Targets

    • Target

      e69cef22b08659aa21819fe5568f546f9c00d8b29850aeb0cab442fb80cc8a34


    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Suspicious use of SetThreadContext
