Overview

overview

10

Static

static

63aa46c2f8...e2.exe

windows7_x64

10

63aa46c2f8...e2.exe

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    63aa46c2f83941e8517b7fbd05e15f2c2460c0ddeb9cd903a0c58ff2dca380e2.exe

  • Size

    687KB

  • Sample

    200319-k9qzl187ea

  • MD5

    d4dad82dd4ed06b230151a6496884ff6

  • SHA1

    d4d3017a9188c0087bf65e644a200a9aefbbce1b

  • SHA256

    63aa46c2f83941e8517b7fbd05e15f2c2460c0ddeb9cd903a0c58ff2dca380e2

  • SHA512

    d95ca593907b3552a47f3070def99b2bba6ed1939b8fa598b5e023ee931e4a3fe8c333e3ccf88a00350330abdc6da87eded16f55d19115242b56d14f47be0bf2

Score
10/10
raccoon63b0da3331d966cfbcc1dbb16cf24eac9a5d4e85discoveryevasionspywarestealertrojan

Malware Config

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note
[Raccoon Stealer] - v1.4.8 Release Build compiled on Tue Feb 18 21:33:22 2020 Launched at: 2020.03.19 - 13:00:50 GMT Bot_ID: CB3421D8-E2C8-4B12-9D02-76148B2A4ECF_Admin =R=A=C=C=O=O=N= System Information: - System Language: English - System TimeZone: -0 hrs - ComputerName: JLKTGBTU - Username: Admin - IP: 154.61.71.13 - Windows version: NT 6.1 - Product name: Windows 7 Professional - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 2047 MB (383 MB used) - Screen resolution: 1280x720 - Display devices: 0) Standard VGA Graphics Adapter ============

Extracted

Family

raccoon

Botnet

63b0da3331d966cfbcc1dbb16cf24eac9a5d4e85

C2

http://34.76.15.247/gate/log.php

Attributes
  • url4cnc

    https://drive.google.com/uc?export=download&id=1I7jmFhJY4KCn0dqAcr5L-h-D70KGZkaF

rc4.plain
rc4.plain

Targets

    • Target

      63aa46c2f83941e8517b7fbd05e15f2c2460c0ddeb9cd903a0c58ff2dca380e2.exe

    • Size

      687KB

    • MD5

      d4dad82dd4ed06b230151a6496884ff6

    • SHA1

      d4d3017a9188c0087bf65e644a200a9aefbbce1b

    • SHA256

      63aa46c2f83941e8517b7fbd05e15f2c2460c0ddeb9cd903a0c58ff2dca380e2

    • SHA512

      d95ca593907b3552a47f3070def99b2bba6ed1939b8fa598b5e023ee931e4a3fe8c333e3ccf88a00350330abdc6da87eded16f55d19115242b56d14f47be0bf2

    Score
    10/10
    spywarediscoverystealerraccoonevasiontrojan

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Executes dropped EXE

    • Loads dropped DLL

    • Program crash

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks for installed software on the system

      discovery

    • Legitimate hosting services abused for malware hosting/C2.

    • Modifies system certificate store

      evasionspywaretrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks