payload.bin

General
Target

payload.bin

Size

413KB

Sample

191202-tlqmh39dms

Score
10 /10
MD5

78d9ee4ebd4513402dffaf2efccbad0e

SHA1

713576099fea6dd4c37e84e2c507bc1e7f027948

SHA256

9d86acff939f2bab3d4a8a8eed8581475189a3e76ba03bbe30e7b36c4b0ffd38

SHA512

f611fea65cacd42c488aa4ae365e38a96f154e79b1e283efef0b8a6aa0c6b8a0d3e7317d57209317b5d0b9a7822ece8809ac7c0a15df1b7328c447314971034d

Malware Config
Targets
Target

payload.bin

MD5

78d9ee4ebd4513402dffaf2efccbad0e

Filesize

413KB

Score
10 /10
SHA1

713576099fea6dd4c37e84e2c507bc1e7f027948

SHA256

9d86acff939f2bab3d4a8a8eed8581475189a3e76ba03bbe30e7b36c4b0ffd38

SHA512

f611fea65cacd42c488aa4ae365e38a96f154e79b1e283efef0b8a6aa0c6b8a0d3e7317d57209317b5d0b9a7822ece8809ac7c0a15df1b7328c447314971034d

Tags

Signatures

  • Raccoon

    Description

    It's the RaccAttack!

  • Deletes itself

  • Loads dropped DLL

  • Windows security modification

    Tags

    TTPs

    Disabling Security Tools Modify Registry

  • Checks for installed software on the system

    Tags

    TTPs

    Query Registry

  • Modifies system certificate store

    Tags

    TTPs

    Install Root Certificate Modify Registry

  • Reads 7star user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Amigo user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Bromium user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Centbrowser user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Chedot user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Chrome SxS user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Chrome user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Chromium user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Dragon user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Elements browser user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Epic privacy browser user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Firefox user profile, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Go! user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Kometa user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Mustang user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Nichrome user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Orbitum user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Pale Moon browser user profile, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Qip surf user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Rockmelt user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Secure browser user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Sputnik user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Suhba user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Superbird user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Tor Browser user profile, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Torch user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Uran user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Vivaldi user data, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads Waterfox user profile, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Reads user profile for Thunderbird email client, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files

  • Checks system information in the registry

    Description

    System information is often read in order to detect sandboxing environments.

    TTPs

    Query Registry System Information Discovery

Related Tasks

task1 task2
MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
    Defense Evasion
    Discovery
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Persistence
                Privilege Escalation