Overview

overview

10

Static

static

RFQUOTE_JA...te.exe

windows7_x64

1

RFQUOTE_JA...te.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQUOTE_JANUARY_STOCKLIST_18TH_NEW_Quote.exe

  • Size

    1.5MB

  • Sample

    210118-ssx3evxx5x

  • MD5

    43fdc9165d93a341f905b62dbe734fad

  • SHA1

    f0db5a34063e2b11b5c39f3e08260ebb97e01873

  • SHA256

    525019392f589015d4cb657058ad8421ac258cfcf1d08913eba3a91e6fdbe658

  • SHA512

    53b94b004829c3a52b4f0b4663a8b5930650b5308ed06814a644bb009daf891f92086f7297a361644e39d478e6d3831ca9d339c61cad292526ef17342d214846

Score
10/10
raccoonstealer

Malware Config

Targets

    • Target

      RFQUOTE_JANUARY_STOCKLIST_18TH_NEW_Quote.exe

    • Size

      1.5MB

    • MD5

      43fdc9165d93a341f905b62dbe734fad

    • SHA1

      f0db5a34063e2b11b5c39f3e08260ebb97e01873

    • SHA256

      525019392f589015d4cb657058ad8421ac258cfcf1d08913eba3a91e6fdbe658

    • SHA512

      53b94b004829c3a52b4f0b4663a8b5930650b5308ed06814a644bb009daf891f92086f7297a361644e39d478e6d3831ca9d339c61cad292526ef17342d214846

    Score
    10/10
    raccoonstealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks