General

  • Target

    b23d6c569893579789695f3d05accbe1

  • Size

    1.4MB

  • Sample

    240304-qqvtxsbc71

  • MD5

    b23d6c569893579789695f3d05accbe1

  • SHA1

    fa6b1d998500175e122de2c264869fda667bcd26

  • SHA256

    93ddf61c1aa7c0b867ffbd579b9febdeed4b027d14f8b86d62f7da493706731c

  • SHA512

    e816f5121406e32178afeabece8b63c4d773e183d18f705b5a884664013f0fe082830785c2c87913101c5c504a7a7ee60b9987d064c4e5624c681a3674a2e633

  • SSDEEP

    24576:ckJ57Lut19vrBg9qm+BZkvgt7DYOl+FbSoLCwcpN5tgLG6OI8mMe2WLPFouz:T7LG1V/dBZkY1Yo+X+tgLGPi2WLPFou

Malware Config

Extracted

Family

raccoon

Botnet

43aae292cfe6f58a13bd7111bdd7d5ded5b23ec3

Attributes
  • url4cnc

    https://telete.in/brikitiki

rc4.plain
1
$Z2s`ten\@bE9vzR
rc4.plain
1
c8a85e1185e210f4c647f2b27686f0e2

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Detect ZGRat V1

    • Oski

      Oski is an infostealer targeting browser data and crypto wallets.

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V1 payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
