Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dcf7a5b5cc303de2b291a9995b5af988

  • Size

    8KB

  • Sample

    200203-nvt5qhha2x

  • MD5

    dcf7a5b5cc303de2b291a9995b5af988

  • SHA1

    ed5be2c701a3eb869ce0d27bca46f647ba4584f4

  • SHA256

    7d10d47d6b6dc818f56e22f849882aaee163ee8efc8c445943a05a7bb2941388

  • SHA512

    db13eb2a07bb1f2e20476c30c64b1873e5d276641b9c24f74cafb099774b5ae82bf363839a718a2a1d3feae3373f147e581245c94ac15b37207c6940c95cb8ca

Score
10/10
raccoon96fbb9a261409f76a9b2ba90f8eb1f6e633e5276discoveryevasionspywaretrojan

Malware Config

Extracted

Family

raccoon

Botnet

96fbb9a261409f76a9b2ba90f8eb1f6e633e5276

C2

http://34.65.176.45/gate/log.php

Attributes
  • url4cnc

    https://drive.google.com/uc?export=download&id=11NQtidlWUdLmMgpwZF7tL_ouY6V4lcQs

rc4.plain
rc4.plain

Targets

    • Target

      dcf7a5b5cc303de2b291a9995b5af988

    • Size

      8KB

    • MD5

      dcf7a5b5cc303de2b291a9995b5af988

    • SHA1

      ed5be2c701a3eb869ce0d27bca46f647ba4584f4

    • SHA256

      7d10d47d6b6dc818f56e22f849882aaee163ee8efc8c445943a05a7bb2941388

    • SHA512

      db13eb2a07bb1f2e20476c30c64b1873e5d276641b9c24f74cafb099774b5ae82bf363839a718a2a1d3feae3373f147e581245c94ac15b37207c6940c95cb8ca

    Score
    10/10
    spywarediscoveryraccoonevasiontrojan

    • Process spawned unexpected child process

    • Raccoon

      It's the RaccAttack!

      raccoon

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks for installed software on the system

      discovery

    • Modifies system certificate store

      evasionspywaretrojan

    • Reads browser user data or profiles (possible credential harvesting)

      spyware
    task1task2

MITRE ATT&CK Enterprise v6

Tasks