Overview

overview

10

Static

static

966b20a723...02.exe

windows7_x64

10

966b20a723...02.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    966b20a7237a77a80f7a9192315f7702.exe

  • Size

    512KB

  • Sample

    200625-ntr1ep7qg2

  • MD5

    966b20a7237a77a80f7a9192315f7702

  • SHA1

    f3aa6f976f620fd8be15a53612638b5e66e27b35

  • SHA256

    356c60f9b2cfb563dc067db5971545eb5a414ab55bba68812adce17d7fe6d938

  • SHA512

    d4bb740578c448771ea085127f6713c78537876f6fb5855cd11334a00ae1c3b59fc974f99b3b5a3d31cfe1750ff6737646ffcd6853a6be05eb7879f1a4750ef7

Score
10/10
raccoondiscoveryevasionransomwarespywarestealertrojan

Malware Config

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note
[Raccoon Stealer] - v1.5.11 Release Build compiled on Sat Jun 20 01:07:56 2020 Launched at: 2020.06.25 - 17:12:23 GMT Bot_ID: BAE8C589-5DA1-4C62-BE46-F8D74908CB8C_Admin Running on a desktop =R=A=C=C=O=O=N= System Information: - System Language: English - System TimeZone: -0 hrs - IP: 154.61.71.51 - Location: 37.750999, -97.821999 | ?, ?, United States (?) - ComputerName: AVGLFESB - Username: Admin - Windows version: NT 6.1 - Product name: Windows 7 Professional - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 2047 MB (410 MB used) - Screen resolution: 1280x720 - Display devices: 0) Standard VGA Graphics Adapter ============

Extracted

Path

C:\Users\Admin\AppData\LocalLow\machineinfo.txt

Family

raccoon

Ransom Note
[Raccoon Stealer] - v1.5.11 Release Build compiled on Sat Jun 20 01:07:56 2020 Launched at: 2020.06.25 - 19:12:01 GMT Bot_ID: 3E009A64-65D7-465C-9098-F2673DD3F416_Admin Running on a desktop =R=A=C=C=O=O=N= System Information: - System Language: English - System TimeZone: -0 hrs - IP: 154.61.71.13 - Location: 37.750999, -97.821999 | ?, ?, United States (?) - ComputerName: OWZMOTQA - Username: Admin - Windows version: NT 10.0 - Product name: Windows 10 Pro - System arch: x64 - CPU: Persocon Processor 2.5+ (2 cores) - RAM: 4095 MB (691 MB used) - Screen resolution: 1280x720 - Display devices: 0) Microsoft Basic Display Adapter ============

Targets

    • Target

      966b20a7237a77a80f7a9192315f7702.exe

    • Size

      512KB

    • MD5

      966b20a7237a77a80f7a9192315f7702

    • SHA1

      f3aa6f976f620fd8be15a53612638b5e66e27b35

    • SHA256

      356c60f9b2cfb563dc067db5971545eb5a414ab55bba68812adce17d7fe6d938

    • SHA512

      d4bb740578c448771ea085127f6713c78537876f6fb5855cd11334a00ae1c3b59fc974f99b3b5a3d31cfe1750ff6737646ffcd6853a6be05eb7879f1a4750ef7

    Score
    10/10
    ransomwareevasionspywaretrojandiscoverystealerraccoon

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Raccoon log file

      Detects a log file produced by the Raccoon Stealer.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks for installed software on the system

      discovery

    • Modifies system certificate store

      evasionspywaretrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks