Overview

overview

10

Static

static

pa1reui4zmqkzf1.exe

windows7_x64

10

pa1reui4zmqkzf1.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    pa1reui4zmqkzf1.exe

  • Size

    5.5MB

  • Sample

    200218-gfcrywzt8j

  • MD5

    faba8d1f0a1c89d9bde654edb128da56

  • SHA1

    c64d7afcfd3605acc7ff3ce8959f7976c0de437b

  • SHA256

    7c0f865eb289347327a93774d91a5154cfdaf5e3a31318bedf5024463bcac4eb

  • SHA512

    73a35c72783ea3c13228116efca8fde220271e4dbd73c19834ae97dacc91df528e432e4daa25b1bd8bda680b534929054c2bb7b57d9f5be119d2b00b65f70a25

Score
10/10
raccoon89379f5371f470435351b0d002d50f28a65fff02discoveryevasionspywarestealertrojan

Malware Config

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note
[Raccoon Stealer] - v1.4.2 Release Build compiled on Tue Dec 17 14:14:55 2019 Launched at: 2020.02.18 - 16:12:51 GMT Bot_ID: CB3421D8-E2C8-4B12-9D02-76148B2A4ECF_Admin ============ System Information: - System Language: English - System TimeZone: -0 hrs - ComputerName: JLKTGBTU - Username: Admin - IP: 154.61.71.13 - Windows version: NT 6.1 - Product name: Windows 7 Professional - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 2047 MB (382 MB used) - Screen resolution: 1280x720 - Display devices: 0) Standard VGA Graphics Adapter ============

Extracted

Family

raccoon

Botnet

89379f5371f470435351b0d002d50f28a65fff02

C2

http://104.155.44.42/gate/log.php

Attributes
  • url4cnc

    https://drive.google.com/uc?export=download&id=1jN5ZmsLRZEQEtxsUIIVXnSOKaqBdnX6Z

rc4.plain
rc4.plain

Targets

    • Target

      pa1reui4zmqkzf1.exe

    • Size

      5.5MB

    • MD5

      faba8d1f0a1c89d9bde654edb128da56

    • SHA1

      c64d7afcfd3605acc7ff3ce8959f7976c0de437b

    • SHA256

      7c0f865eb289347327a93774d91a5154cfdaf5e3a31318bedf5024463bcac4eb

    • SHA512

      73a35c72783ea3c13228116efca8fde220271e4dbd73c19834ae97dacc91df528e432e4daa25b1bd8bda680b534929054c2bb7b57d9f5be119d2b00b65f70a25

    Score
    10/10
    evasionspywaretrojandiscoverystealerraccoon

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Loads dropped DLL

    • Program crash

    • Checks for installed software on the system

      discovery

    • Modifies system certificate store

      evasionspywaretrojan

    • Reads browser user data or profiles (possible credential harvesting)

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks