General

  • Target: 2545131b7880bd854f3c9148277af024
  • Size: 292KB
  • Sample: 221003-c7fjnscga5
  • MD5: 2545131b7880bd854f3c9148277af024
  • SHA1: 846cf8458ca76e9cc8092218006c0e5bb1a68e8c
  • SHA256: e8d1a8908e063d4b824cde1d0d0bdf812ace1e50000a4accddb8b306664b4062
  • SHA512: c7a31f69621e60c1950f48c92c1633f2bee2f36adc8b5a2627d21dacda15f70d16f50b1a2dd3e575c7453380ca3c828cda8f86dda285e174af9f9944c42aa787

Malware Config

Extracted

  • Family: raccoon
  • Botnet: d6584fcd1734d77c0004e30a172dc0e0
  • C2:
    http://84.32.188.111/
    http://5.252.21.28/
    http://87.120.254.71
  • rc4.plain

Extracted

  • Family: colibri
  • Version: 1.2.0
  • Botnet: Build1
  • C2:
    http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php
    http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php

Targets

    • Colibri Loader

      A loader sold as MaaS first seen in August 2021.

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
