General

  • Target

    52a63753d60646a345612aeaab90a416c52b33752730b7ce10ff1568d43ace11

  • Size

    420KB

  • Sample

    211104-pe5pbagef9

  • MD5

    ac351c2f52d9ccc8ba661e1cad931172

  • SHA1

    51595882aa67dedf251040fe002be9a622cb55e7

  • SHA256

    52a63753d60646a345612aeaab90a416c52b33752730b7ce10ff1568d43ace11

  • SHA512

    ff3baff7960c0a6aff7d93a5d0ab9e0f16b9515678c8b0822c86deb82320a2060729a3f3642c558876efea0a05fb6f11d242ac03e9a206c4a045a438a9b54f5f

Malware Config

Extracted

Family

raccoon

Botnet

b3ed1d79826001317754d88a62db05820a1ecd19

Attributes

  • url4cnc

    http://teleliver.top/agrybirdsgamerept

    http://livetelive.top/agrybirdsgamerept

    http://teleger.top/agrybirdsgamerept

    http://telestrong.top/agrybirdsgamerept

    http://tgrampro.top/agrybirdsgamerept

    http://teleghost.top/agrybirdsgamerept

    http://teleroom.top/agrybirdsgamerept

    http://telemir.top/agrybirdsgamerept

    http://teletelo.top/agrybirdsgamerept

    https://t.me/agrybirdsgamerept

rc4.plain

Targets

    • Target

      52a63753d60646a345612aeaab90a416c52b33752730b7ce10ff1568d43ace11

    • Size

      420KB

    • MD5

      ac351c2f52d9ccc8ba661e1cad931172

    • SHA1

      51595882aa67dedf251040fe002be9a622cb55e7

    • SHA256

      52a63753d60646a345612aeaab90a416c52b33752730b7ce10ff1568d43ace11

    • SHA512

      ff3baff7960c0a6aff7d93a5d0ab9e0f16b9515678c8b0822c86deb82320a2060729a3f3642c558876efea0a05fb6f11d242ac03e9a206c4a045a438a9b54f5f

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks