Resubmissions

27-02-2020 14:31

200227-bkpn15vpg2 10

21-02-2020 16:28

200221-rpakr52wfa 10

20-02-2020 19:36

200220-tp5ealxpvx 10

General

  • Target

    1157719080.EXE

  • Size

    878KB

  • Sample

    200227-bkpn15vpg2

  • MD5

    7e70e99390a74ad36bfd7b82f8f6df7e

  • SHA1

    404d5850b8967259d778c796a0720abe35018d98

  • SHA256

    09f6673d04fa445820e1279aa202acde6e33066f2bfb135dd6458fe41398a222

  • SHA512

    c31f71dae0624f30ff1f23640168a769dfb14ff7f8cabf01aa0a3ae4465b1e56f67a12c9bf84b39bb24897ea25ad4144253be2f50ffb640a008e1fcfbaf48226

Malware Config

Extracted

Family

raccoon

Botnet

3dbd762906e1b32ddcb1ca61554f89c2f5686d2c

C2

http://34.90.199.36/gate/log.php

Attributes
  • url4cnc

    https://drive.google.com/uc?export=download&id=1-sIY2_CjYF5N7Cc4kIq7R17orSgXQ5Y6

rc4.plain
rc4.plain

Targets

    • Target

      1157719080.EXE

    • Size

      878KB

    • MD5

      7e70e99390a74ad36bfd7b82f8f6df7e

    • SHA1

      404d5850b8967259d778c796a0720abe35018d98

    • SHA256

      09f6673d04fa445820e1279aa202acde6e33066f2bfb135dd6458fe41398a222

    • SHA512

      c31f71dae0624f30ff1f23640168a769dfb14ff7f8cabf01aa0a3ae4465b1e56f67a12c9bf84b39bb24897ea25ad4144253be2f50ffb640a008e1fcfbaf48226

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Modifies system certificate store

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks