Resubmissions

07-11-2023 02:17

231107-cqv8sshh7z 10

07-11-2023 02:13

231107-cnqwasbe42 10

07-11-2023 02:00

231107-cfgbwshg4s 10

07-11-2023 01:50

231107-b9b4lahf6t 10

07-11-2023 01:35

231107-bz5yxsbb62 10

General

  • Target

    Divided Threats.zip

  • Size

    198.9MB

  • Sample

    231107-cnqwasbe42

  • MD5

    f6fed4cd5f732c98e95cb2d633b6b88f

  • SHA1

    bd61e60312f1e0ec86b24196f44e8f9275de6cf1

  • SHA256

    42f6ed3f3f25e52787a9e43dec53306eb63e581d87882f3fbc4756685714e39a

  • SHA512

    0bf8b62091061100fb81e8a328e738bce4e3ba733a2a47f808b4b3e44f519441883c72752f654c217b7c354c99894515ed8db92c647587a415d1dfc4d96d68f8

  • SSDEEP

    3145728:BHVJkRpdd5SZKO1E2AH57+eBlBtqVJncR6nl4DpAlAR8bpwBZkzxQxqi:9AddkHedtqbAYob0I+1C

Malware Config

Extracted

Family

raccoon

Botnet

5ba094fed1175cc7d1abb03fa165c23c

C2

http://79.137.207.53/

Attributes
  • user_agent

    901785252112

xor.plain

Extracted

Family

privateloader

C2

http://45.133.1.107/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

51.178.186.149

http://45.133.1.182/proxies.txt

45.133.1.60

Attributes
  • payload_url

    https://vipsofts.xyz/files/mega.bmp

Extracted

Family

socelars

C2

http://www.iyiqian.com/

http://www.hbgents.top/

http://www.rsnzhy.com/

http://www.znsjis.top/

Extracted

Family

stealc

C2

http://robertjohnson.top

Attributes
  • url_path

    /e9c345fc99a4e67e.php

rc4.plain

Targets

    • Target

      Divided Threats.zip

    Score
    1/10

Tasks