General

  • Target

    b67e506c5b8f79ad835ffe9ca039d2bf3109d10676e832c2da761b8714657a55

  • Size

    1.4MB

  • Sample

    200218-d77byp4zee

  • MD5

    348f0076f012ff2394b7c1c21dc91876

  • SHA1

    0cf8cfde66b6e6c1cbf64e1fe0a29dc56dec961b

  • SHA256

    b67e506c5b8f79ad835ffe9ca039d2bf3109d10676e832c2da761b8714657a55

  • SHA512

    37268bb8a9dc25365867819bd384239a1db5b8d35a3e3fbcc851400eb4b1e557b48adc7151d83ca0f073f814a0749a71c6dce2fc88dabbc542c24f230acff8c7

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\machineinfo.txt

Family

raccoon

Ransom Note (generic label the sandbox applies to extracted text; for Raccoon this is the host fingerprint the stealer writes to machineinfo.txt, not a ransom demand)
[Raccoon Stealer] - v1.2 Kushage Release Build compiled on Mon Oct 28 17:22:24 2019 Launched at: 2020.02.18 - 16:21:37 GMT Bot_ID: CB3421D8-E2C8-4B12-9D02-76148B2A4ECF_Admin ============ System Information: - System Language: English - ComputerName: JLKTGBTU - Username: Admin - IP: 154.61.71.13 - Windows version: NT 6.1 - Product name: Windows 7 Professional - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 2047 MB (370 MB used) - Screen resolution: 1280x720 - Display devices: 0) Standard VGA Graphics Adapter ============

Extracted

Family

raccoon

Botnet

316ff478595e2db6ecc2380dc0039736dea133bc

C2

http://34.76.55.103/gate/log.php

Attributes
  • url4cnc

    https://drive.google.com/uc?export=download&id=1Bi_uNdZ2iSQljAb5TSljuYV1vp5edk1X

rc4.plain
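The three config attributes above (the gate URL under C2, the Google Drive link under url4cnc, and the RC4 key under rc4.plain, whose value the page does not show) belong to one mechanism: public analyses of Raccoon v1 describe the bot fetching a small file from the url4cnc link, base64-decoding it and RC4-decrypting the result with the embedded key to obtain the live gate URL. The following is an added example that models that resolution step; it is not code from the sample or the sandbox. The RC4 key and the Drive file content are constructed here, so the block encrypts the page's gate URL itself and then decrypts it, as an analyst would when checking a recovered key against a captured Drive payload.

```python
"""Model of Raccoon v1 C2 resolution: url4cnc file -> base64 -> RC4 -> gate URL.
Added example; the key below is an assumption (rc4.plain is not on the page)."""
import base64
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Values taken from the extracted config on this page.
URL4CNC = "https://drive.google.com/uc?export=download&id=1Bi_uNdZ2iSQljAb5TSljuYV1vp5edk1X"
GATE_URL = "http://34.76.55.103/gate/log.php"

# Hypothetical key standing in for the sample's rc4.plain value.
ASSUMED_RC4_KEY = b"example-rc4-key-not-the-real-one"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encryption and decryption are the same call."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # keystream generation and XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def drive_file_id(url: str) -> str:
    """Pull the file id out of a drive.google.com 'uc?export=download&id=' link,
    the value you pivot on when hunting other samples that share the dead drop."""
    query = parse_qs(urlparse(url).query)
    return query["id"][0]


def make_drive_payload(gate_url: str, key: bytes) -> str:
    """Constructed stand-in for what the Drive file would contain."""
    return base64.b64encode(rc4(key, gate_url.encode())).decode("ascii")


def resolve_c2(payload: str, key: bytes) -> Optional[str]:
    """Decode a url4cnc payload to a gate URL.

    Returns None when the key is wrong: a bad key yields bytes that are not
    UTF-8 or do not look like a URL, which is the usual symptom when a
    recovered rc4.plain value does not belong to the payload being tested."""
    try:
        plain = rc4(key, base64.b64decode(payload, validate=True)).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    plain = plain.strip("\x00\r\n ")
    if not plain.startswith(("http://", "https://")):
        return None
    return plain


if __name__ == "__main__":
    payload = make_drive_payload(GATE_URL, ASSUMED_RC4_KEY)
    print("drive file id :", drive_file_id(URL4CNC))
    print("drive payload :", payload)
    print("resolved C2   :", resolve_c2(payload, ASSUMED_RC4_KEY))
    print("wrong key     :", resolve_c2(payload, b"wrong-key"))
```

Because the dead-drop link is a public Google Drive object, the operator can rotate the gate address without re-deploying the bot, so the Drive file id is the more durable indicator of the two, and a blocklist built only on the IP in the C2 field will lapse as soon as the file is edited.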

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\machineinfo.txt

Family

raccoon

Ransom Note (sandbox label; again the machineinfo.txt host fingerprint from a second run, not a ransom demand)
[Raccoon Stealer] - v1.2 Kushage Release Build compiled on Mon Oct 28 17:22:24 2019 Launched at: 2020.02.18 - 16:21:44 GMT Bot_ID: 443E833C-4F92-4BAD-9E5E-EEC62C6F043E_Admin ============ System Information: - System Language: English - ComputerName: HAUYOKHG - Username: Admin - IP: 154.61.71.13 - Windows version: NT 6.2 - Product name: Windows 10 Pro - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 4095 MB (667 MB used) - Screen resolution: 1280x720 - Display devices: 0) Microsoft Basic Display Adapter ============
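The two machineinfo.txt bodies above follow a fixed layout (a build banner, a Bot_ID, then dash-separated "key: value" system fields), which makes them easy to turn into structured data for triage. The following parser is an added example, not code from the sample or the sandbox; its inputs are the two texts reproduced verbatim from this page. Comparing the two runs also shows which fields are per-host and which come from the analysis environment: the IP is identical in both reports because it is the sandbox egress address, not a property of the infected machine.

```python
"""Parse Raccoon v1.2 machineinfo.txt reports into structured records.
Added example; inputs are the two extracted texts shown on this page."""
import re
from typing import Any, Dict, Set

# Constructed input: copied verbatim from the two Extracted sections above.
SAMPLE_1 = (
    "[Raccoon Stealer] - v1.2 Kushage Release Build compiled on Mon Oct 28 17:22:24 2019 "
    "Launched at: 2020.02.18 - 16:21:37 GMT Bot_ID: CB3421D8-E2C8-4B12-9D02-76148B2A4ECF_Admin "
    "============ System Information: - System Language: English - ComputerName: JLKTGBTU "
    "- Username: Admin - IP: 154.61.71.13 - Windows version: NT 6.1 - Product name: Windows 7 Professional "
    "- System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 2047 MB (370 MB used) "
    "- Screen resolution: 1280x720 - Display devices: 0) Standard VGA Graphics Adapter ============"
)
SAMPLE_2 = (
    "[Raccoon Stealer] - v1.2 Kushage Release Build compiled on Mon Oct 28 17:22:24 2019 "
    "Launched at: 2020.02.18 - 16:21:44 GMT Bot_ID: 443E833C-4F92-4BAD-9E5E-EEC62C6F043E_Admin "
    "============ System Information: - System Language: English - ComputerName: HAUYOKHG "
    "- Username: Admin - IP: 154.61.71.13 - Windows version: NT 6.2 - Product name: Windows 10 Pro "
    "- System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 4095 MB (667 MB used) "
    "- Screen resolution: 1280x720 - Display devices: 0) Microsoft Basic Display Adapter ============"
)

# Banner layout as seen on this page; lazy groups stop at the next literal marker.
HEADER_RE = re.compile(
    r"\[Raccoon Stealer\] - (?P<version>v[\d.]+) (?P<build>.+?) compiled on "
    r"(?P<compiled>.+?) Launched at: (?P<launched>.+?) Bot_ID: (?P<bot_id>\S+)"
)


def parse_machineinfo(text: str) -> Dict[str, Any]:
    """Return banner fields plus a 'system' dict of the dash-separated entries."""
    head, marker, body = text.partition("System Information:")
    if not marker:
        raise ValueError("no 'System Information:' section; not a Raccoon v1 report")
    match = HEADER_RE.search(head)
    if not match:
        raise ValueError("banner does not match the Raccoon v1.2 layout")
    record: Dict[str, Any] = match.groupdict()
    # Bot_ID is <GUID>_<username>; split on the last underscore.
    guid, _, user = record["bot_id"].rpartition("_")
    record["bot_guid"], record["bot_user"] = guid, user

    system: Dict[str, str] = {}
    # Entries are "- key: value" separated by " - "; strip the "====" fences.
    for field in re.split(r"(?:^|\s)-\s", body.strip(" =")):
        key, sep, value = field.partition(": ")
        if sep:
            system[key.strip()] = value.strip()
    record["system"] = system
    return record


def shared_fields(a: Dict[str, Any], b: Dict[str, Any]) -> Set[str]:
    """System fields identical across two runs. Values that do not change
    between hosts (here IP, CPU model, resolution) describe the sandbox, not
    the victim, and should not be promoted to host indicators."""
    sa, sb = a["system"], b["system"]
    return {k for k in sa if k in sb and sa[k] == sb[k]}


if __name__ == "__main__":
    r1, r2 = parse_machineinfo(SAMPLE_1), parse_machineinfo(SAMPLE_2)
    for r in (r1, r2):
        print(r["bot_guid"], r["system"]["ComputerName"], r["system"]["Product name"])
    print("environment-derived fields:", sorted(shared_fields(r1, r2)))
```

Per-host values worth keeping from a real infection are the Bot_ID GUID (the stealer reuses it as the bot identifier when posting to the gate), the ComputerName and the launch timestamp; the banner's compile date identifies the build and is useful for clustering samples.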

Targets

    • Target

      b67e506c5b8f79ad835ffe9ca039d2bf3109d10676e832c2da761b8714657a55

    • Size

      1.4MB

    • MD5

      348f0076f012ff2394b7c1c21dc91876

    • SHA1

      0cf8cfde66b6e6c1cbf64e1fe0a29dc56dec961b

    • SHA256

      b67e506c5b8f79ad835ffe9ca039d2bf3109d10676e832c2da761b8714657a55

    • SHA512

      37268bb8a9dc25365867819bd384239a1db5b8d35a3e3fbcc851400eb4b1e557b48adc7151d83ca0f073f814a0749a71c6dce2fc88dabbc542c24f230acff8c7

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Loads dropped DLL

    • Checks for installed software on the system

    • Modifies system certificate store

    • Reads browser user data or profiles (possible credential harvesting)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6