General

  • Target

    5C17.tmp.exe

  • Size

    531KB

  • Sample

    210218-r511jrs52s

  • MD5

    aa2fed72f707d75a62ff90c33d180e88

  • SHA1

    908fa31c2a1e7621e382aec93e2255cda2f4ad76

  • SHA256

    134a4ec0eea6bc50b58a12837dd035bcbfbfe766667ad79cfb87346a413ee22d

  • SHA512

    bc1e53620b4951fddba69c9c46ac3e8079fa19acf99daadce3f0293d8964d688c789436bf13f74991faaa5cd4522116ea049053fe6b48eb2aa062e9c09bfc0c0

Malware Config

Extracted

Family

raccoon

Botnet

310b6bfba897d478c7212dc7fdbe942b00728875

Attributes
  • url4cnc

    https://telete.in/j9ca1pel

  • rc4.plain
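The hashes in the General section and the extracted url4cnc value are the indicators an analyst would push into detection after reading this report. The script below is an added example, not part of the sandbox output: it checks the report's hash set for copy errors, matches file bytes against it, and scores proxy log lines against the url4cnc URL. Raccoon reads its operational C2 from this page at runtime, and telete.in is a shared Telegram front-end, so only a full host-plus-path match is strong evidence; a host-only match is flagged separately. The file bytes and the proxy log format (`timestamp client method url`) are constructed for the example.

```python
"""IOC matching for the indicators this report lists.

Added example (not part of the sandbox report): the four file hashes and the
url4cnc value are the report's own; the file bytes and proxy log lines below
are constructed so the script runs offline.
"""
import hashlib
from urllib.parse import urlsplit

# Hashes of 5C17.tmp.exe as listed in the report.
REPORT_HASHES = {
    "md5": "aa2fed72f707d75a62ff90c33d180e88",
    "sha1": "908fa31c2a1e7621e382aec93e2255cda2f4ad76",
    "sha256": "134a4ec0eea6bc50b58a12837dd035bcbfbfe766667ad79cfb87346a413ee22d",
    "sha512": ("bc1e53620b4951fddba69c9c46ac3e8079fa19acf99daadce3f0293d8964d688"
               "c789436bf13f74991faaa5cd4522116ea049053fe6b48eb2aa062e9c09bfc0c0"),
}
# Extracted url4cnc: the page Raccoon reads to locate its real C2.
REPORT_URL4CNC = "https://telete.in/j9ca1pel"

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(known):
    """Return the algorithm names whose value is not hex of the expected length."""
    bad = []
    for name, value in known.items():
        wrong_len = len(value) != HEX_LENGTHS[name]
        not_hex = any(c not in "0123456789abcdef" for c in value.lower())
        if wrong_len or not_hex:
            bad.append(name)
    return bad


def digests(data):
    """All four digests the report uses, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in HEX_LENGTHS}


def hash_match(data, known=REPORT_HASHES):
    """Names of the algorithms whose digest of `data` equals the known value."""
    got = digests(data)
    return sorted(n for n, h in known.items() if got[n] == h.lower())


def c2_matches(log_lines, url4cnc=REPORT_URL4CNC):
    """Score proxy log lines against url4cnc.

    Each line is '<timestamp> <client> <method> <url>' (constructed format).
    'exact' means host and path both match the extracted URL; 'host' means
    only the host matched, which on a shared front-end such as telete.in is
    weak evidence by itself.
    """
    want = urlsplit(url4cnc)
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line, skip rather than crash the sweep
        seen = urlsplit(parts[3])
        if seen.hostname != want.hostname:
            continue
        same_path = seen.path.rstrip("/") == want.path.rstrip("/")
        hits.append((parts[1], "exact" if same_path else "host", parts[3]))
    return hits


# Constructed proxy log: one exact hit, one host-only hit, two unrelated lines.
SAMPLE_LOG = [
    "2021-02-18T10:01:07Z 10.0.0.5 GET https://telete.in/j9ca1pel",
    "2021-02-18T10:01:09Z 10.0.0.5 GET https://example.org/",
    "2021-02-18T10:02:31Z 10.0.0.9 GET https://telete.in/some_other_channel",
    "2021-02-18T10:03:00Z 10.0.0.9 CONNECT https://update.microsoft.com/",
]

if __name__ == "__main__":
    print("malformed report hashes:", validate_hashes(REPORT_HASHES))
    for client, level, url in c2_matches(SAMPLE_LOG):
        print(f"{level:5} {client} {url}")
```

Run it as a script to see the two C2 hits; import it to reuse `hash_match` over a directory of files.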

Targets

    • Target

      5C17.tmp.exe

    • Size

      531KB

    • MD5

      aa2fed72f707d75a62ff90c33d180e88

    • SHA1

      908fa31c2a1e7621e382aec93e2255cda2f4ad76

    • SHA256

      134a4ec0eea6bc50b58a12837dd035bcbfbfe766667ad79cfb87346a413ee22d

    • SHA512

      bc1e53620b4951fddba69c9c46ac3e8079fa19acf99daadce3f0293d8964d688c789436bf13f74991faaa5cd4522116ea049053fe6b48eb2aa062e9c09bfc0c0

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store user data (account settings, saved credentials) on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and form data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
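The behaviours above (browser and email profile reads, Uninstall key enumeration, root certificate installation) are each benign in isolation: browsers read their own credential stores and inventory tools walk the Uninstall key. What makes them useful for detection is seeing several of them from one process that is not the data's owner. The script below is an added example, not part of the report, that runs that logic over constructed Sysmon-style events (`pid|image|event type|target`) and tags each hit with the ATT&CK v6 IDs this report's matrix uses. The file paths and registry key names in the patterns are representative locations chosen for the example, not values extracted from the sample.

```python
"""Behavioural triage of host events against the signatures in this report.

Added example, not part of the sandbox report. Event lines are constructed;
path and key patterns are representative (assumed), not from the sample.
"""
import re
from collections import defaultdict

# (signature name, event type that exposes it, target pattern, ATT&CK v6 IDs).
SIGNATURES = [
    ("Reads user/profile data of web browsers", "FileRead",
     re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json)$", re.I),
     ("T1081", "T1005")),
    ("Reads user/profile data of local email clients", "FileRead",
     re.compile(r"\\(Thunderbird\\Profiles|Microsoft\\Outlook)\\", re.I),
     ("T1081", "T1005")),
    ("Checks installed software on the system", "RegQuery",
     re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I),
     ("T1012",)),
    ("Install Root Certificate", "RegSet",
     re.compile(r"\\SystemCertificates\\ROOT\\Certificates\\", re.I),
     ("T1130", "T1112")),
]

# Processes that legitimately own a data store; hits from them are ignored.
ALLOWED_OWNERS = {
    "Reads user/profile data of web browsers": {"chrome.exe", "firefox.exe", "msedge.exe"},
    "Reads user/profile data of local email clients": {"thunderbird.exe", "outlook.exe"},
}

# Constructed events: pid|image|event type|target.
SAMPLE_EVENTS = [
    r"4120|C:\Users\victim\AppData\Local\Temp\5C17.tmp.exe|FileRead|C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"4120|C:\Users\victim\AppData\Local\Temp\5C17.tmp.exe|FileRead|C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abc.default\abook.sqlite",
    r"4120|C:\Users\victim\AppData\Local\Temp\5C17.tmp.exe|RegQuery|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
    r"4120|C:\Users\victim\AppData\Local\Temp\5C17.tmp.exe|RegSet|HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\ABCDEF\Blob",
    r"2288|C:\Program Files\Google\Chrome\Application\chrome.exe|FileRead|C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"5000|C:\Windows\explorer.exe|RegQuery|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
]


def parse_event(line):
    pid, image, etype, target = line.rstrip("\n").split("|", 3)
    return int(pid), image, etype, target


def image_name(image):
    return image.rsplit("\\", 1)[-1].lower()


def match_events(lines):
    """Return {image: {(signature, technique_ids)}} excluding owner processes."""
    findings = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        _pid, image, etype, target = parse_event(line)
        for name, sig_type, pattern, techniques in SIGNATURES:
            if etype != sig_type or not pattern.search(target):
                continue
            if image_name(image) in ALLOWED_OWNERS.get(name, set()):
                continue  # chrome.exe reading Login Data is normal
            findings[image].add((name, techniques))
    return dict(findings)


def suspicious(findings, min_signatures=2):
    """Images that tripped at least `min_signatures` distinct behaviours."""
    return {img for img, hits in findings.items() if len(hits) >= min_signatures}


def techniques_for(findings, image):
    """Sorted ATT&CK IDs observed for one image."""
    return sorted({t for _name, techs in findings.get(image, ()) for t in techs})


if __name__ == "__main__":
    found = match_events(SAMPLE_EVENTS)
    for img in suspicious(found):
        print(img, techniques_for(found, img))
```

Raising `min_signatures` trades recall for precision; a single Uninstall key read should never page anyone, but the same process also reading Login Data and writing under ROOT\Certificates is the profile this report describes.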

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                  Hits  ID
  Defense Evasion    Install Root Certificate   1     T1130
  Defense Evasion    Modify Registry            1     T1112
  Credential Access  Credentials in Files       2     T1081
  Discovery          Query Registry             1     T1012
  Collection         Data from Local System     2     T1005

  IDs follow ATT&CK v6, the version this matrix was generated against. In current ATT&CK releases Install Root Certificate is T1553.004 and Credentials in Files is T1552.001; map the IDs before feeding them to tooling that tracks the live framework.
