General

  • Target

    6f930339242cf55f87b545fd29f8faf6b84f5828aac0322defd57f03aa7cf132

  • Size

    570KB

  • Sample

    211203-1drlvacch7

  • MD5

    4c8b66d361835c2d9ea8c230e90662dd

  • SHA1

    3fae7d1577820b1fc0559510bad83c9d6c63323a

  • SHA256

    6f930339242cf55f87b545fd29f8faf6b84f5828aac0322defd57f03aa7cf132

  • SHA512

    211b0518d29da64837d2f996f2cbb6befd8c93944a8a00d8a08675d0aec4369e447ffb7ff1d04deca77cc0e2c2c3c4f18d5e002deca998353f144aa8695d0147

Malware Config

Extracted

  • Family

    raccoon

  • Version

    1.8.3-hotfix

  • Botnet

    049dc5184bb65eb56e4e860bf61427e2a0fcba1e

  • Attributes

    url4cnc

      http://185.225.19.18/duglassa1

      http://91.219.237.227/duglassa1

      https://t.me/duglassa1

    rc4.plain

Targets

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess