General

  • Target

    0347dfd075cb14d0381d308d86b4c0538029babc470e0ba4e6b036c47aa47e7e

  • Size

    421KB

  • Sample

    211104-nb6lrsdehm

  • MD5

    cac7e11a6deb07701f5c87d07affcca2

  • SHA1

    789a9d70281d70a50e0452d85cb3cb2329ea5254

  • SHA256

    0347dfd075cb14d0381d308d86b4c0538029babc470e0ba4e6b036c47aa47e7e

  • SHA512

    3349ffa7747d612c698619dd7b385805f843998f05ed513a7b4f0510633fe4a930fa21022aa616e6a7a3dba0c844c9cb28f9b7ccfb879a75465b7ea6432754a5

Malware Config

Extracted

Family

raccoon

Botnet

b3ed1d79826001317754d88a62db05820a1ecd19

Attributes
  • url4cnc

    http://teleliver.top/agrybirdsgamerept

    http://livetelive.top/agrybirdsgamerept

    http://teleger.top/agrybirdsgamerept

    http://telestrong.top/agrybirdsgamerept

    http://tgrampro.top/agrybirdsgamerept

    http://teleghost.top/agrybirdsgamerept

    http://teleroom.top/agrybirdsgamerept

    http://telemir.top/agrybirdsgamerept

    http://teletelo.top/agrybirdsgamerept

    https://t.me/agrybirdsgamerept

  • rc4.plain
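The url4cnc list above is the sample's dead-drop resolver: every mirror carries the same channel path, the bot fetches the channel preview page, reads the description and turns it back into a live C2 address using the RC4 key kept under rc4.plain. The script below is an added example written for this page, not code from the sandbox or from the Raccoon family itself. It uses the hostnames and channel path copied from the config, a stand-in key (the rc4.plain value is not shown on this page) and a constructed preview page; the description encoding it decodes (base64 of RC4 ciphertext) is a simplified reconstruction of the scheme, not Raccoon's exact marker format. Besides the decode step it derives a host list and Suricata DNS rules from the config, which is what a defender mostly wants from an extracted url4cnc list.

```python
import base64
import re
from urllib.parse import urlparse

# url4cnc values copied from the extracted config above.
URL4CNC = [
    "http://teleliver.top/agrybirdsgamerept",
    "http://livetelive.top/agrybirdsgamerept",
    "http://teleger.top/agrybirdsgamerept",
    "http://telestrong.top/agrybirdsgamerept",
    "http://tgrampro.top/agrybirdsgamerept",
    "http://teleghost.top/agrybirdsgamerept",
    "http://teleroom.top/agrybirdsgamerept",
    "http://telemir.top/agrybirdsgamerept",
    "http://teletelo.top/agrybirdsgamerept",
    "https://t.me/agrybirdsgamerept",
]

# Stand-in key: the rc4.plain value is not shown on this page.
HYPOTHETICAL_KEY = b"example-rc4-key"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric, so the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def dead_drop_hosts(urls):
    """Unique hostnames from the url4cnc list, in config order."""
    hosts = []
    for url in urls:
        host = urlparse(url).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def channel_names(urls):
    """Channel name(s) the resolver fetches; the path is identical on every mirror."""
    return {urlparse(url).path.strip("/") for url in urls}


def suricata_dns_rules(hosts, base_sid=9000000):
    """One DNS-query alert per dead-drop host (Suricata 5+ dns.query sticky buffer)."""
    return [
        f'alert dns any any -> any any (msg:"Raccoon url4cnc lookup {host}"; '
        f'dns.query; content:"{host}"; nocase; sid:{base_sid + n}; rev:1;)'
        for n, host in enumerate(hosts)
    ]


# The preview page carries the channel description in an og:description meta tag.
META_RE = re.compile(r'<meta\s+property="og:description"\s+content="([^"]*)"', re.I)


def decode_dead_drop(html: str, key: bytes):
    """Extract the description, base64-decode it and RC4-decrypt it with the config key.

    Simplified reconstruction: description = base64(RC4(key, C2 URL)). Raccoon's real
    marker handling is not reproduced. Returns None when no usable description exists.
    """
    match = META_RE.search(html)
    if match is None:
        return None
    try:
        raw = base64.b64decode(match.group(1), validate=True)
    except ValueError:  # binascii.Error is a ValueError: garbage or a defaced page
        return None
    return rc4(key, raw).decode("utf-8", errors="replace")


# Constructed sample: a preview page whose description hides a C2 URL encrypted
# with the hypothetical key. Not captured from a real Telegram page.
C2_PLAINTEXT = b"http://c2.example.invalid/gate/"
ENCODED_DESCRIPTION = base64.b64encode(rc4(HYPOTHETICAL_KEY, C2_PLAINTEXT)).decode()
CONSTRUCTED_PREVIEW = (
    f'<html><head><meta property="og:description" content="{ENCODED_DESCRIPTION}">'
    "</head></html>"
)

if __name__ == "__main__":
    for host in dead_drop_hosts(URL4CNC):
        print("dead-drop host:", host)
    print("channel:", channel_names(URL4CNC))
    print("recovered C2:", decode_dead_drop(CONSTRUCTED_PREVIEW, HYPOTHETICAL_KEY))
    print("\n".join(suricata_dns_rules(dead_drop_hosts(URL4CNC))))
```

The nine .top domains exist only to proxy the channel and can be sinkholed outright; t.me is legitimate infrastructure, so its rule should stay alert-only and be paired with the channel name rather than used for blocking. Resolving the dead drop yourself (with the real rc4.plain key from a full config dump) gives you the C2 host that the config itself never contains, which is the IOC the url4cnc list is designed to hide.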

Targets

    • Target

      0347dfd075cb14d0381d308d86b4c0538029babc470e0ba4e6b036c47aa47e7e

    • Raccoon

      Simple but powerful infostealer, sold as malware-as-a-service, that was very active in 2019.

    • Suspicious use of SetThreadContext (typical of process hollowing: a payload is written into a suspended process and its main thread is redirected to it)
