Raccoon Stealer infection Malware svchost.exe 217.8.117.89 34.89.22.128

This is the latest sample of Raccoon, an info-stealer sold as Malware-as-a-Service (MaaS): a subscription costs $200 per month. Raccoon has already infected over 100,000 devices and was one of the most discussed malware families on underground forums in 2019. The bot's check-in POST to its C2 carries a base64-encoded body that identifies the infected host, as you can see below in the packets. Decoded, the body is a plain query string with a GUID-based bot_id, a 40-hex-character config_id and a data field:

echo "Ym90X2lkPUQ1MDE3MUYzLUIxRkQtNDFDOS1BRkJGLTNERDJGNzJDOTBCN19yeTR3biZjb25maWdfaWQ9MjE0MWRhOTJiNGFkM2FjODM3ZTAxNjc1Y2UzYTE2ODE4ODUzOTVlMCZkYXRhPW51bGw=" | base64 -d
bot_id=D50171F3-B1FD-41C9-AFBF-3DD2F72C90B7_ry4wn&config_id=2141da92b4ad3ac837e01675ce3a1681885395e0&data=null

The check-in packet from the capture:

2020-05-09 02:34:34.532063 IP 192.168.86.25.56399 > 217.8.117.89.80: Flags [P.], seq 1:398, ack 1, win 16425, […]
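The decode shown above can be turned into a small detection check that flags HTTP POST bodies shaped like this check-in. The following is an added example, not code from the page or from the Raccoon analysis itself; it uses the base64 body from the page's own capture as its positive sample, and the field-shape rules (a GUID followed by an underscore and a suffix for bot_id, 40 hex characters for config_id, a mandatory data field) are assumptions generalised from that single sample, so tune them against more captures before relying on them. The two negative bodies are constructed.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs

# Base64 check-in body taken from the page's packet capture (the page's own sample).
SAMPLE_BODY = (
    "Ym90X2lkPUQ1MDE3MUYzLUIxRkQtNDFDOS1BRkJGLTNERDJGNzJDOTBCN19yeTR3biZjb25maWdfaWQ9"
    "MjE0MWRhOTJiNGFkM2FjODM3ZTAxNjc1Y2UzYTE2ODE4ODUzOTVlMCZkYXRhPW51bGw="
)

# Constructed negative samples: a benign base64 string and a string that is not base64 at all.
BENIGN_BODY = "aGVsbG8gd29ybGQ="   # "hello world"
GARBAGE_BODY = "not base64!!"

# Assumed field shapes, generalised from the one sample on the page.
BOT_ID_RE = re.compile(
    r"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}_[A-Za-z0-9]+$"
)
CONFIG_ID_RE = re.compile(r"^[0-9a-f]{40}$")


def decode_checkin(body: str):
    """Base64-decode a POST body and parse it as a query string.

    Returns a {field: value} dict, or None when the body is not valid base64
    or does not decode to printable ASCII (so binary uploads are not misparsed).
    """
    try:
        raw = base64.b64decode(body, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    if not text.isprintable():
        return None
    parsed = parse_qs(text, keep_blank_values=True)
    # parse_qs returns lists; the check-in uses each key once, so keep the first value.
    return {key: values[0] for key, values in parsed.items()}


def is_raccoon_checkin(body: str) -> bool:
    """True when the body decodes to bot_id=<GUID>_<suffix>&config_id=<40 hex>&data=..."""
    fields = decode_checkin(body)
    if fields is None:
        return False
    if "data" not in fields:
        return False
    return bool(
        BOT_ID_RE.match(fields.get("bot_id", ""))
        and CONFIG_ID_RE.match(fields.get("config_id", ""))
    )


def scan_bodies(bodies):
    """Return the decoded fields of every body that looks like a Raccoon check-in."""
    hits = []
    for body in bodies:
        if is_raccoon_checkin(body):
            hits.append(decode_checkin(body))
    return hits


if __name__ == "__main__":
    for hit in scan_bodies([SAMPLE_BODY, BENIGN_BODY, GARBAGE_BODY]):
        print("Raccoon check-in:", hit)
```

Run it as a script and only the page's sample is reported; the benign base64 string decodes cleanly but has none of the expected fields, and the non-base64 string is rejected by the strict decoder before parsing. Because the match is on the decoded field shape rather than on the C2 address, the same check still fires when the operator rotates 217.8.117.89 to a new host.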

Kpot Mikey Malware Sample PCAP File Download Traffic Analysis pollarr.top

What the Kryptik sample can do (sandbox behaviour signatures):
- Executable code extraction
- Attempts to connect to a dead IP:Port (1 unique time)
- Creates RWX memory
- A process attempted to delay the analysis task
- Expresses interest in specific running processes
- HTTP traffic contains suspicious features which may be indicative of malware-related traffic
- Performs some HTTP requests
- The binary likely contains encrypted or compressed data
- Detects Sandboxie through the presence of a library
- Checks for the presence of known windows from debuggers and forensic tools
- Attempts to repeatedly call a single API many times in order to delay analysis time
- Steals private information from local Internet […]