crypted[1].bin

General

Target: crypted[1].bin
Size: 1MB
Sample: 191129-bykghah8ge
Score: N/A
MD5: 121f7cba18bcb38e68bd4fc4f2e71815
SHA1: 25f64ae766388a2c6b43c063a84451b6725e3115
SHA256: 9a923eb389bf1c51d9a53cc52951dcbc2bd4f2ac2cb810295e201987031a6e57
SHA512: 7b10cfffea055f61c773fae242c4e151b61109018e82c47d5ef54321cd7eb30deb58d2fb10fc4906331437bbf232e391bec407c1e2db82159b2eea52c4de07de

Malware Config

Targets

Target: crypted[1].bin
Filesize: 1MB
Score: N/A
MD5: 121f7cba18bcb38e68bd4fc4f2e71815
SHA1: 25f64ae766388a2c6b43c063a84451b6725e3115
SHA256: 9a923eb389bf1c51d9a53cc52951dcbc2bd4f2ac2cb810295e201987031a6e57
SHA512: 7b10cfffea055f61c773fae242c4e151b61109018e82c47d5ef54321cd7eb30deb58d2fb10fc4906331437bbf232e391bec407c1e2db82159b2eea52c4de07de

Signatures

  • raccoon family
  • Deletes itself
  • Loads dropped DLL
  • Accesses Bither wallet, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Checks for installed software on the system
    TTPs: Query Registry
  • Modifies system certificate store
    TTPs: Install Root Certificate; Modify Registry
  • Reads 7star user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Amigo user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Bromium user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Centbrowser user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Chedot user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Chrome SxS user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Chrome user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Chromium user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Dragon user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Elements browser user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Epic privacy browser user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Firefox user profile, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Go! user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Kometa user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Mustang user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Nichrome user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Orbitum user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Pale Moon browser user profile, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Qip surf user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Rockmelt user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Secure browser user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Sputnik user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Suhba user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Superbird user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Tor Browser user profile, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Torch user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Uran user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Vivaldi user data, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads Waterfox user profile, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Reads user profile for Thunderbird email client, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

Related Tasks

MITRE ATT&CK Matrix

Tactic columns (cell contents not present in the capture): Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation