General

  • Target

    2c1fffdf02fe8dd60bf43d0027b2df56b1cf059bb3adcdbbc3b973dd2e4b33db

  • Size

    1.2MB

  • Sample

    241121-zcw99sxlev

  • MD5

    2155c87b9d7aa1952a1822e8104218ca

  • SHA1

    1fa8d94d347398c2f2bc204c55f29bb14bfbe417

  • SHA256

    2c1fffdf02fe8dd60bf43d0027b2df56b1cf059bb3adcdbbc3b973dd2e4b33db

  • SHA512

    5c28f175064f800f666db9bccdbfd8920e9ea61833c4c9ea9a91b5ba76325b220af9fcbef11314b796146661829c726305e3dd47aa063a8cda8bfbf7e7b9f6f4

  • SSDEEP

    24576:gbLaiHlqdUQAv1VewGbvDHJDDcZreXhb4zLlQ1j+I1vukJigs:Y+iCAv1fuDHtDrJ4zhQsIZzns

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mc6b

Decoy


Extracted

Family

raccoon

Version

1.8.2

Botnet

a41ffcd20150e4814320ae5f467659001fd5a10f

Attributes

  • url4cnc

    http://teletop.top/h_awp_1

    http://teleta.top/h_awp_1

    https://t.me/h_awp_1

rc4.plain

Targets

    • Target

      Nov Vessel Updated Notice - HMM RAON V.002W.scr

    • Size

      544KB

    • MD5

      67592672996da2ed7b0588f450ff1f8d

    • SHA1

      9b7cc0315535f5a10c9633a43fd70cd6a225df6a

    • SHA256

      c20a66b1da1cbeff5c0bd7e0db5ab5005013eee56d5831f4a6fe45f6b4b3666d

    • SHA512

      e9f1d230d6349ce73a6485b4189b37f7ec6f0cd854d5ff76e52c6740651ddd6835d5094f43fc95fb859111fb5653520abb97e01170fe48a8346aab28002758b5

    • SSDEEP

      12288:x78H18RW/TlNQnP0MNqXgP0foxF1nif0yQH29e6HF+Uz7mske:nRcTcVs1hxdH17mske

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader family

    • Xloader payload

    • Deletes itself

    • Suspicious use of SetThreadContext

    • Target

      REVISED ISF Simple Data Template - .TAIPEI PORT.scr

    • Size

      939KB

    • MD5

      8f2339ea03c28445e8953c962b627a9f

    • SHA1

      78bb830baac34639d32490699ff1538417c253fa

    • SHA256

      223190694e03de0b3c9c95bdf8aeede128541033d3cf7bd4abeda4c17bba3d96

    • SHA512

      7956bf31099d792a8a307ae721c1bd1e72892c639371850e2e67f85efa024b9278442445979324f916ff4f583320bd58ca89fe917a1c7685c48d39b1ef5fbe1a

    • SSDEEP

      24576:HKQT/RPn1mpm2GmwzjZkY8HexKBwi/hMNFDWpke:zj51mdGRjZ0jhMNFqke

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V1 payload

    • Raccoon family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks