Overview

overview

10

Static

static

BF8F.exe

windows7_x64

10

BF8F.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BF8F.exe

  • Size

    543KB

  • Sample

    210213-dczxh6pyl6

  • MD5

    b83824943c7a0443d68a7d78dcbf3513

  • SHA1

    6f01e71b02454c9376e294568b86bf335539bc7e

  • SHA256

    8f4b5c0e97e499d58e4fbad1aacccf195e569275a3f3ce5360d7b81b99d04ed4

  • SHA512

    1837614041b8b1fd79c8a2590c4a0fe73312fe804331b9b61f1169829360cb23bffd2ea76cd9d153e4963fc96021c00a5179d6300cdd4b6387b2ad069681d863

Score
10/10
raccoon17694a35d42ac97e2cd3ebd196db01b372cce1b0discoveryspywarestealer

Malware Config

Extracted

Family

raccoon

Botnet

17694a35d42ac97e2cd3ebd196db01b372cce1b0

Attributes
  • url4cnc

    https://telete.in/o23felk0s

rc4.plain
rc4.plain

Targets

    • Target

      BF8F.exe

    • Size

      543KB

    • MD5

      b83824943c7a0443d68a7d78dcbf3513

    • SHA1

      6f01e71b02454c9376e294568b86bf335539bc7e

    • SHA256

      8f4b5c0e97e499d58e4fbad1aacccf195e569275a3f3ce5360d7b81b99d04ed4

    • SHA512

      1837614041b8b1fd79c8a2590c4a0fe73312fe804331b9b61f1169829360cb23bffd2ea76cd9d153e4963fc96021c00a5179d6300cdd4b6387b2ad069681d863

    Score
    10/10
    raccoon17694a35d42ac97e2cd3ebd196db01b372cce1b0discoveryspywarestealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks