Overview

overview

10

Static

static

host.bin.exe

windows7_x64

10

host.bin.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    host.bin

  • Size

    496KB

  • Sample

    200415-s6pv8l1h16

  • MD5

    e4f4e051625054d753730fd9183c4a34

  • SHA1

    d538ffffd82540752a23d5defc90e501093861bf

  • SHA256

    43eb644d0682f9bc85745c538015ba9ad19b10116792b5e5aa5da33b6c3af797

  • SHA512

    10178975c49c2fc1c414ad1d106d1e46c0fa4bd1748bba24c80b7ff982da034019d69bba3b559255632a8df953dab7ec901b979d8be99ee88efefb3cbd9861a5

Score
10/10
raccoonff236091d9fbac249beeec4137efd72b5327efd9discoveryevasionspywarestealertrojan

Malware Config

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note
[Raccoon Stealer] - v1.5 Release Build compiled on Tue Apr 7 15:04:24 2020 Launched at: 2020.04.15 - 16:53:33 GMT Bot_ID: 24232A4E-4B86-47C9-8A07-5A58937018F4_Admin Running on a desktop =R=A=C=C=O=O=N= System Information: - System Language: English - System TimeZone: -0 hrs - ComputerName: BKIWADLA - Username: Admin - IP: 154.61.71.13 - Windows version: NT 6.1 - Product name: Windows 7 Professional - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 2047 MB (393 MB used) - Screen resolution: 1280x720 - Display devices: 0) Standard VGA Graphics Adapter ============

Extracted

Family

raccoon

Botnet

ff236091d9fbac249beeec4137efd72b5327efd9

C2

http://35.240.36.208/gate/log.php

Attributes
  • url4cnc

    https://drive.google.com/uc?export=download&id=12JPrOMXQIwvLmvbb60igt1JLe1WETE6M

rc4.plain
rc4.plain

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note
[Raccoon Stealer] - v1.5 Release Build compiled on Tue Apr 7 15:04:24 2020 Launched at: 2020.04.15 - 16:53:27 GMT Bot_ID: 953DAA47-DD2D-4C7C-A4F4-C374A8807DB1_Admin Running on a desktop =R=A=C=C=O=O=N= System Information: - System Language: English - System TimeZone: -0 hrs - ComputerName: NHGEBMNE - Username: Admin - IP: 154.61.71.13 - Windows version: NT 10.0 - Product name: Windows 10 Pro - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 4095 MB (652 MB used) - Screen resolution: 1280x720 - Display devices: 0) Microsoft Basic Display Adapter ============

Targets

    • Target

      host.bin

    • Size

      496KB

    • MD5

      e4f4e051625054d753730fd9183c4a34

    • SHA1

      d538ffffd82540752a23d5defc90e501093861bf

    • SHA256

      43eb644d0682f9bc85745c538015ba9ad19b10116792b5e5aa5da33b6c3af797

    • SHA512

      10178975c49c2fc1c414ad1d106d1e46c0fa4bd1748bba24c80b7ff982da034019d69bba3b559255632a8df953dab7ec901b979d8be99ee88efefb3cbd9861a5

    Score
    10/10
    spywarestealerraccoonevasiontrojandiscovery

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks for installed software on the system

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Modifies system certificate store

      evasionspywaretrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks