Overview

overview

10

Static

static

66b1580426...73.exe

windows7_x64

10

66b1580426...73.exe

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    66b1580426a8b8bcfa79ffcbdc1f8e94bd22cf6643dd3f3ff519d30712e4db73

  • Size

    1.3MB

  • Sample

    201106-gn3hhpf66e

  • MD5

    672c168d4320323398943d1cd1e489df

  • SHA1

    bf8df765b16c756e2f6d0ea4034d7c8366eb3794

  • SHA256

    66b1580426a8b8bcfa79ffcbdc1f8e94bd22cf6643dd3f3ff519d30712e4db73

  • SHA512

    c2e67c8b8a0c91401bc497eca04196b5f0d9a91bf64d97d2bc186c88438d8abc945cb82cc9639ee0a5573858c943beebe7fdf72118b2bdb397a104426d71c0cc

Score
10/10
raccoonagilenetstealer

Malware Config

Targets

    • Target

      66b1580426a8b8bcfa79ffcbdc1f8e94bd22cf6643dd3f3ff519d30712e4db73

    • Size

      1.3MB

    • MD5

      672c168d4320323398943d1cd1e489df

    • SHA1

      bf8df765b16c756e2f6d0ea4034d7c8366eb3794

    • SHA256

      66b1580426a8b8bcfa79ffcbdc1f8e94bd22cf6643dd3f3ff519d30712e4db73

    • SHA512

      c2e67c8b8a0c91401bc497eca04196b5f0d9a91bf64d97d2bc186c88438d8abc945cb82cc9639ee0a5573858c943beebe7fdf72118b2bdb397a104426d71c0cc

    Score
    10/10
    raccoonagilenetstealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks