General

  • Target

    348f0076f012ff2394b7c1c21dc91876

  • Size

    1.4MB

  • Sample

    200212-rwpx9151sx

  • MD5

    348f0076f012ff2394b7c1c21dc91876

  • SHA1

    0cf8cfde66b6e6c1cbf64e1fe0a29dc56dec961b

  • SHA256

    b67e506c5b8f79ad835ffe9ca039d2bf3109d10676e832c2da761b8714657a55

  • SHA512

    37268bb8a9dc25365867819bd384239a1db5b8d35a3e3fbcc851400eb4b1e557b48adc7151d83ca0f073f814a0749a71c6dce2fc88dabbc542c24f230acff8c7

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\machineinfo.txt

Family

raccoon

Ransom Note
    [Raccoon Stealer] - v1.2 Kushage Release Build compiled on Mon Oct 28 17:22:24 2019
    Launched at: 2020.02.12 - 20:15:31 GMT
    Bot_ID: 18654976-C7DB-4A1A-8859-070035D242D5_Admin
    ============
    System Information:
    - System Language: English
    - ComputerName: JUEOVPOM
    - Username: Admin
    - IP: 154.61.71.13
    - Windows version: NT 6.1
    - Product name: Windows 7 Professional
    - System arch: x64
    - CPU: Persocon Processor 2.5+ (2 cores)
    - RAM: 2047 MB (411 MB used)
    - Screen resolution: 1280x720
    - Display devices: 0) Standard VGA Graphics Adapter
    ============

Extracted

Family

raccoon

Botnet

316ff478595e2db6ecc2380dc0039736dea133bc

C2

http://34.76.55.103/gate/log.php

Attributes
  • url4cnc

    https://drive.google.com/uc?export=download&id=1Bi_uNdZ2iSQljAb5TSljuYV1vp5edk1X

rc4.plain
rc4.plain

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\machineinfo.txt

Family

raccoon

Ransom Note
    [Raccoon Stealer] - v1.2 Kushage Release Build compiled on Mon Oct 28 17:22:24 2019
    Launched at: 2020.02.12 - 20:16:30 GMT
    Bot_ID: 293FA5BD-EDFB-4BBA-800E-A7DCE3EA3438_Admin
    ============
    System Information:
    - System Language: English
    - ComputerName: DQPLNXWK
    - Username: Admin
    - IP: 154.61.71.13
    - Windows version: NT 6.2
    - Product name: Windows 10 Pro
    - System arch: x64
    - CPU: Persocon Processor 2.5+ (2 cores)
    - RAM: 4095 MB (724 MB used)
    - Screen resolution: 1280x720
    - Display devices: 0) Microsoft Basic Display Adapter
    ============

Targets

    • Target

      348f0076f012ff2394b7c1c21dc91876

    • Size

      1.4MB

    • MD5

      348f0076f012ff2394b7c1c21dc91876

    • SHA1

      0cf8cfde66b6e6c1cbf64e1fe0a29dc56dec961b

    • SHA256

      b67e506c5b8f79ad835ffe9ca039d2bf3109d10676e832c2da761b8714657a55

    • SHA512

      37268bb8a9dc25365867819bd384239a1db5b8d35a3e3fbcc851400eb4b1e557b48adc7151d83ca0f073f814a0749a71c6dce2fc88dabbc542c24f230acff8c7

    • Raccoon

      Simple but powerful infostealer that was very active in 2019.

    • Loads dropped DLL

    • Checks for installed software on the system

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks