General

  • Target

    93ce0b245ba803cd48dadb27ceaa7435.exe

  • Size

    421KB

  • Sample

    211104-vwzsaahbb8

  • MD5

    93ce0b245ba803cd48dadb27ceaa7435

  • SHA1

    20aaacc6b69d84c8709a9a1ad97b61d9ba774ffc

  • SHA256

    35405fdecc554572244c745e390644ae713070f0bf81b29b9b54f6a738cb0ea5

  • SHA512

    c210b371835023ceac6aff7f4dc470554d62b556df89f712ca92623d05837c6e91e900b8e60d9a20a3a05708feff386882f31ba386e1a405289661924e193574

Malware Config

Extracted

Family

raccoon

Botnet

b3ed1d79826001317754d88a62db05820a1ecd19

Attributes

  • url4cnc

    http://teleliver.top/agrybirdsgamerept

    http://livetelive.top/agrybirdsgamerept

    http://teleger.top/agrybirdsgamerept

    http://telestrong.top/agrybirdsgamerept

    http://tgrampro.top/agrybirdsgamerept

    http://teleghost.top/agrybirdsgamerept

    http://teleroom.top/agrybirdsgamerept

    http://telemir.top/agrybirdsgamerept

    http://teletelo.top/agrybirdsgamerept

    https://t.me/agrybirdsgamerept

rc4.plain

Targets

    • Target

      93ce0b245ba803cd48dadb27ceaa7435.exe

    • Size

      421KB

    • MD5

      93ce0b245ba803cd48dadb27ceaa7435

    • SHA1

      20aaacc6b69d84c8709a9a1ad97b61d9ba774ffc

    • SHA256

      35405fdecc554572244c745e390644ae713070f0bf81b29b9b54f6a738cb0ea5

    • SHA512

      c210b371835023ceac6aff7f4dc470554d62b556df89f712ca92623d05837c6e91e900b8e60d9a20a3a05708feff386882f31ba386e1a405289661924e193574

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks