General

  • Target

    6f057dd71ebe1f5a1482cd5ee0e3994545196829d07fba3e5341ef5eaea3191a

  • Size

    422KB

  • Sample

    211104-sf9anseacr

  • MD5

    5e7c8ac5d567f7380460e16d3382308b

  • SHA1

    8c35cc0fcae2766146af69516fb764bf25a414cf

  • SHA256

    6f057dd71ebe1f5a1482cd5ee0e3994545196829d07fba3e5341ef5eaea3191a

  • SHA512

    58dd0eea104ce67a4831d9a70c7b0dda58c81c09250976a0339239a9b567959364f37eef44286676db6a289ab704d41d28da4f9b63c55c869bc867c7ced87f25

Malware Config

Extracted

Family

raccoon

Botnet

b3ed1d79826001317754d88a62db05820a1ecd19

Attributes

  • url4cnc


rc4.plain

Targets

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • Suspicious use of SetThreadContext
