Overview

overview

10

Static

static

f7d51f7883...e1.exe

windows7_x64

10

f7d51f7883...e1.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f7d51f78838308cdcd53b9c4f4af65e1.exe

  • Size

    1.0MB

  • Sample

    210122-kcf4v5jnqs

  • MD5

    f7d51f78838308cdcd53b9c4f4af65e1

  • SHA1

    cddc4f2499ffb79666db8b8c38d9f2c74b9ab219

  • SHA256

    f5758fdd9563e9b445b84a1644d9c37b3ff16903b67e7e05872c068ddd6be0c6

  • SHA512

    3134ca19c1c0fe12a769b51909edfcc8da51b927e6414c7305d23280b8778de404759b8a56cd716a4c9fbda3f5e6b44ece160bceaa762011b35a3b40e930ae5e

Score
10/10
raccoonransomwarestealer

Malware Config

Targets

    • Target

      f7d51f78838308cdcd53b9c4f4af65e1.exe

    • Size

      1.0MB

    • MD5

      f7d51f78838308cdcd53b9c4f4af65e1

    • SHA1

      cddc4f2499ffb79666db8b8c38d9f2c74b9ab219

    • SHA256

      f5758fdd9563e9b445b84a1644d9c37b3ff16903b67e7e05872c068ddd6be0c6

    • SHA512

      3134ca19c1c0fe12a769b51909edfcc8da51b927e6414c7305d23280b8778de404759b8a56cd716a4c9fbda3f5e6b44ece160bceaa762011b35a3b40e930ae5e

    Score
    10/10
    raccoonransomwarestealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks