Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    crypted[1].bin

  • Size

    1.0MB

  • Sample

    191129-bykghah8ge

  • MD5

    121f7cba18bcb38e68bd4fc4f2e71815

  • SHA1

    25f64ae766388a2c6b43c063a84451b6725e3115

  • SHA256

    9a923eb389bf1c51d9a53cc52951dcbc2bd4f2ac2cb810295e201987031a6e57

  • SHA512

    7b10cfffea055f61c773fae242c4e151b61109018e82c47d5ef54321cd7eb30deb58d2fb10fc4906331437bbf232e391bec407c1e2db82159b2eea52c4de07de

Score
10/10
raccoondiscoveryevasionfamilyspreadingspywaretrojan

Malware Config

Targets

    • Target

      crypted[1].bin

    • Size

      1.0MB

    • MD5

      121f7cba18bcb38e68bd4fc4f2e71815

    • SHA1

      25f64ae766388a2c6b43c063a84451b6725e3115

    • SHA256

      9a923eb389bf1c51d9a53cc52951dcbc2bd4f2ac2cb810295e201987031a6e57

    • SHA512

      7b10cfffea055f61c773fae242c4e151b61109018e82c47d5ef54321cd7eb30deb58d2fb10fc4906331437bbf232e391bec407c1e2db82159b2eea52c4de07de

    Score
    10/10
    evasionspywaretrojandiscoveryspreadingfamilyraccoon

    • raccoon family

      familyraccoon

    • Deletes itself

    • Loads dropped DLL

    • Accesses Bither wallet, possible credential harvesting

      spyware

    • Checks for installed software on the system

      discovery

    • Modifies system certificate store

      evasionspywaretrojan

    • Reads 7star user data, possible credential harvesting

      spyware

    • Reads Amigo user data, possible credential harvesting

      spyware

    • Reads Bromium user data, possible credential harvesting

      spyware

    • Reads Centbrowser user data, possible credential harvesting

      spyware

    • Reads Chedot user data, possible credential harvesting

      spyware

    • Reads Chrome SxS user data, possible credential harvesting

      spyware

    • Reads Chrome user data, possible credential harvesting

      spyware

    • Reads Chromium user data, possible credential harvesting

      spyware

    • Reads Dragon user data, possible credential harvesting

      spyware

    • Reads Elements browser user data, possible credential harvesting

      spyware

    • Reads Epic privacy browser user data, possible credential harvesting

      spyware

    • Reads Firefox user profile, possible credential harvesting

      spyware

    • Reads Go! user data, possible credential harvesting

      spyware

    • Reads Kometa user data, possible credential harvesting

      spyware

    • Reads Mustang user data, possible credential harvesting

      spyware

    • Reads Nichrome user data, possible credential harvesting

      spyware

    • Reads Orbitum user data, possible credential harvesting

      spyware

    • Reads Pale Moon browser user profile, possible credential harvesting

      spyware

    • Reads Qip surf user data, possible credential harvesting

      spyware

    • Reads Rockmelt user data, possible credential harvesting

      spyware

    • Reads Secure browser user data, possible credential harvesting

      spyware

    • Reads Sputnik user data, possible credential harvesting

      spyware

    • Reads Suhba user data, possible credential harvesting

      spyware

    • Reads Superbird user data, possible credential harvesting

      spyware

    • Reads Tor Browser user profile, possible credential harvesting

      spyware

    • Reads Torch user data, possible credential harvesting

      spyware

    • Reads Uran user data, possible credential harvesting

      spyware

    • Reads Vivaldi user data, possible credential harvesting

      spyware

    • Reads Waterfox user profile, possible credential harvesting

      spyware

    • Reads user profile for Thunderbird email client, possible credential harvesting

      spyware
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

2
T1112

Disabling Security Tools

1
T1089

Credential Access

Credentials in Files

31
T1081

Discovery

Query Registry

2
T1012

Remote System Discovery

1
T1018

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

31
T1005

Exfiltration

Command and Control

Impact

Tasks