Overview

overview

10

Static

static

RFQUOTE_JA...TH.exe

windows7_x64

10

RFQUOTE_JA...TH.exe

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQUOTE_JANUARY_STOCKLIST_18TH.exe

  • Size

    1.5MB

  • Sample

    210118-hrdp3w6rds

  • MD5

    c94e30adf3bdd6d0316071781d5803b9

  • SHA1

    fb98cb99a63ba3b6344700a6d5e2abcdd6d9e96c

  • SHA256

    50835c6c6d8bd3415be9849c272876e863b792c035f052a03449aefb646a600a

  • SHA512

    3f671796011f1964dbfef62dfc4815577390e15d7fc59f62bb2883f1ae709028e403ec194fed6bd02b8e2e48fa24f71dc0c725ab5016f532ee30b47805899be9

Score
10/10
raccoonstealer

Malware Config

Targets

    • Target

      RFQUOTE_JANUARY_STOCKLIST_18TH.exe

    • Size

      1.5MB

    • MD5

      c94e30adf3bdd6d0316071781d5803b9

    • SHA1

      fb98cb99a63ba3b6344700a6d5e2abcdd6d9e96c

    • SHA256

      50835c6c6d8bd3415be9849c272876e863b792c035f052a03449aefb646a600a

    • SHA512

      3f671796011f1964dbfef62dfc4815577390e15d7fc59f62bb2883f1ae709028e403ec194fed6bd02b8e2e48fa24f71dc0c725ab5016f532ee30b47805899be9

    Score
    10/10
    raccoonstealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Loads dropped DLL

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks