Overview

overview

10

Static

static

4wvbd5ykxwfxg.exe

windows7_x64

10

4wvbd5ykxwfxg.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4wvbd5ykxwfxg.exe

  • Size

    5.5MB

  • Sample

    200218-rp1t7sna5e

  • MD5

    45a02b429739d0d3c02e972ec3964eb1

  • SHA1

    2842b9f8f61c85543545946973b4b750b070fde1

  • SHA256

    82214d13917ce35d7a08d47bcd2a053ad385d1f13fed5d06507eeb9471c918b2

  • SHA512

    fded983fdf09401ce0f2633e9dd55623692dc4b29d49ebf49bffabd76e009f8946eb8a35ce2cfcfb5eec5542010229e66ce6fd38b9bae6f82ccc6d5510ae7562

Score
10/10
raccoon89379f5371f470435351b0d002d50f28a65fff02discoveryevasionspywarestealertrojan

Malware Config

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note
[Raccoon Stealer] - v1.4.2 Release Build compiled on Tue Dec 17 14:14:55 2019 Launched at: 2020.02.18 - 16:19:24 GMT Bot_ID: CB3421D8-E2C8-4B12-9D02-76148B2A4ECF_Admin ============ System Information: - System Language: English - System TimeZone: -0 hrs - ComputerName: JLKTGBTU - Username: Admin - IP: 154.61.71.13 - Windows version: NT 6.1 - Product name: Windows 7 Professional - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 2047 MB (384 MB used) - Screen resolution: 1280x720 - Display devices: 0) Standard VGA Graphics Adapter ============

Extracted

Family

raccoon

Botnet

89379f5371f470435351b0d002d50f28a65fff02

C2

http://104.155.44.42/gate/log.php

Attributes
  • url4cnc

    https://drive.google.com/uc?export=download&id=1jN5ZmsLRZEQEtxsUIIVXnSOKaqBdnX6Z

rc4.plain
rc4.plain

Targets

    • Target

      4wvbd5ykxwfxg.exe

    • Size

      5.5MB

    • MD5

      45a02b429739d0d3c02e972ec3964eb1

    • SHA1

      2842b9f8f61c85543545946973b4b750b070fde1

    • SHA256

      82214d13917ce35d7a08d47bcd2a053ad385d1f13fed5d06507eeb9471c918b2

    • SHA512

      fded983fdf09401ce0f2633e9dd55623692dc4b29d49ebf49bffabd76e009f8946eb8a35ce2cfcfb5eec5542010229e66ce6fd38b9bae6f82ccc6d5510ae7562

    Score
    10/10
    evasionspywaretrojandiscoverystealerraccoon

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Loads dropped DLL

    • Program crash

    • Checks for installed software on the system

      discovery

    • Modifies system certificate store

      evasionspywaretrojan

    • Reads browser user data or profiles (possible credential harvesting)

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks