General

  • Target

    8d21f700c8065326609cc7ffc8cbcf613d2bf5b2fc8c18fa5f70bda2710a0fc9

  • Size

    576KB

  • Sample

    201108-y686pdy92s

  • MD5

    68c276523253297a529e1f27c5cf9b98

  • SHA1

    49c414426f05e9e18adfcfa10095250a41291756

  • SHA256

    8d21f700c8065326609cc7ffc8cbcf613d2bf5b2fc8c18fa5f70bda2710a0fc9

  • SHA512

    f350bde22b9faa313ff6f81dea2ce454638240ac391f81364860c8e53e4cc3d647e03922093e676e654d079d38a4938ea46843337ce98fcd9e12af342b4debf8

Malware Config

Targets

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target it there.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • JavaScript code in executable

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Install Root Certificate (T1130): 1
    Modify Registry (T1112): 1

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 2

Tasks