General

  • Target

    mixshop_20211111-162141

  • Size

    747KB

  • Sample

    211111-vx1e7sghcp

  • MD5

    84dd06d1e6237944e337d213947e1949

  • SHA1

    ee6f9e3a5c363d4ac4dcf449a3c1c590886fe8d5

  • SHA256

    72f0a495127d1b3e3bbab9ab771ed6adeb94ca7663c282679b9d115e0de1af30

  • SHA512

    13f6ff60279e089f3aefb6c57f760bc1377d0452baff33c707be5ff502df01258b5ed6527e729084549a0f50c0af95a412b583abc1779841d9c072f21bea32fb

Malware Config

Extracted

Family

raccoon

Botnet

8dec62c1db2959619dca43e02fa46ad7bd606400

Attributes
  • url4cnc

    http://telegin.top/capibar

    http://ttmirror.top/capibar

    http://teletele.top/capibar

    http://telegalive.top/capibar

    http://toptelete.top/capibar

    http://telegraf.top/capibar

    https://t.me/capibar

rc4.plain

Targets

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Suspicious use of SetThreadContext