General
-
Target
c5401e1bb35d1b357e92c7d811d21796
-
Size
1.1MB
-
Sample
211203-sxg8hsbhe4
-
MD5
c5401e1bb35d1b357e92c7d811d21796
-
SHA1
bb1c65213310d73e7fe6b780c0f4f4459fb71d26
-
SHA256
a6ea6406da66ddd3123cd438e60cf953d5476fc9201834717d21d9faa92c2f90
-
SHA512
2d298e80b63f65887bc04abb1f8d03e34e8e5a0af0bd3adea01daa719f5d7389fea571d8fc330d42e901684b8970066c37670090771f478aadc317d2094c8571
Malware Config
Extracted
raccoon
Extracted
raccoon
1.8.3-hotfix
fe1f102f3334068962b64125bcb00816dba46087
-
url4cnc
http://91.219.236.27/ocherednyara1
http://5.181.156.92/ocherednyara1
http://91.219.236.207/ocherednyara1
http://185.225.19.18/ocherednyara1
http://91.219.237.227/ocherednyara1
https://t.me/ocherednyara1
Extracted
smokeloader
2020
http://185.215.113.40/
http://1fdsdfsdfdsf.space/
http://2fds33rdsrsdrs.space/
http://3fds4544gfgf.space/
http://4jgfdjgdh5fds.space/
http://5gfdtktkkt44.space/
Targets
-
-
Target
c5401e1bb35d1b357e92c7d811d21796
-
Size
1.1MB
-
MD5
c5401e1bb35d1b357e92c7d811d21796
-
SHA1
bb1c65213310d73e7fe6b780c0f4f4459fb71d26
-
SHA256
a6ea6406da66ddd3123cd438e60cf953d5476fc9201834717d21d9faa92c2f90
-
SHA512
2d298e80b63f65887bc04abb1f8d03e34e8e5a0af0bd3adea01daa719f5d7389fea571d8fc330d42e901684b8970066c37670090771f478aadc317d2094c8571
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-