Overview

overview

10

Static

static

wotsuper2.exe

windows7_x64

10

wotsuper2.exe

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    wotsuper2.exe

  • Size

    1.9MB

  • Sample

    200218-5t7dbcct6n

  • MD5

    864caa3b81740d39b069b9cbb2e67d31

  • SHA1

    bdbf23ef85d6f0ead1482f2c06ea9dcc9f9bda53

  • SHA256

    32f98310a458d19c44263eb456e19ee2d6d16a3d096d9416596c7f24eb0d3074

  • SHA512

    b7a297e4486e17f141fdd45922a74fa4939c3172c8fc54ff91c8489e02cd658f9ede3a98c65e33b9d48ab4e40a867372e6b7407134734160c56bfb172a98e462

Score
10/10
raccoonee29149280396bb8bfd2a331aa61b6bca42540c7discoveryevasionspywarestealertrojan

Malware Config

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note
[Raccoon Stealer] - v1.4.2 Release Build compiled on Tue Dec 17 14:14:55 2019 Launched at: 2020.02.18 - 16:13:18 GMT Bot_ID: CB3421D8-E2C8-4B12-9D02-76148B2A4ECF_Admin ============ System Information: - System Language: English - System TimeZone: -0 hrs - ComputerName: JLKTGBTU - Username: Admin - IP: 154.61.71.13 - Windows version: NT 6.1 - Product name: Windows 7 Professional - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 2047 MB (380 MB used) - Screen resolution: 1280x720 - Display devices: 0) Standard VGA Graphics Adapter ============

Extracted

Family

raccoon

Botnet

ee29149280396bb8bfd2a331aa61b6bca42540c7

C2

http://34.76.55.103/gate/log.php

Attributes
  • url4cnc

    https://drive.google.com/uc?export=download&id=10rzaNoF7YXiRpeyiHdkSdciNDW4V5jrc

rc4.plain
rc4.plain

Targets

    • Target

      wotsuper2.exe

    • Size

      1.9MB

    • MD5

      864caa3b81740d39b069b9cbb2e67d31

    • SHA1

      bdbf23ef85d6f0ead1482f2c06ea9dcc9f9bda53

    • SHA256

      32f98310a458d19c44263eb456e19ee2d6d16a3d096d9416596c7f24eb0d3074

    • SHA512

      b7a297e4486e17f141fdd45922a74fa4939c3172c8fc54ff91c8489e02cd658f9ede3a98c65e33b9d48ab4e40a867372e6b7407134734160c56bfb172a98e462

    Score
    10/10
    evasionspywaretrojandiscoverystealerraccoon

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Deletes itself

    • Loads dropped DLL

    • Checks for installed software on the system

      discovery

    • Modifies system certificate store

      evasionspywaretrojan

    • Reads browser user data or profiles (possible credential harvesting)

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks