Resubmissions

  • 20-02-2021 16:38: 210220-b514g72f52 (score 10)
  • 24-07-2020 13:10: 200724-dhjq1jvnt2 (score 10)

General

  • Target: Payment_Reminder_UnPaid_PDF.exe
  • Size: 752KB
  • Sample: 210220-b514g72f52
  • MD5: ceee22cc2421bc32bbbc8c9b57f67b20
  • SHA1: ab1fce0e0b643e5423fb64549c6587105c806974
  • SHA256: 5ee204e73d774718f344f40f2345b6eb443ed2da6196aef5cc66e7691f069849
  • SHA512: 2dbf18cd9a7e65a26456bad495b45835238890fbbaf417b804f33c2e0123014ddd547c89fceb1e18453db6c8a9088c0ac66794e4917a0609958308855f7b99f9

Malware Config

Extracted

  • Family: raccoon
  • Botnet: 1810c21452ee0c66739f7a8c548d8faa49e671aa
  • Attributes
      • url4cnc: https://telete.in/h_electricryptors_1
      • rc4.plain

Targets

  • Target: Payment_Reminder_UnPaid_PDF.exe
  • Size: 752KB
  • MD5: ceee22cc2421bc32bbbc8c9b57f67b20
  • SHA1: ab1fce0e0b643e5423fb64549c6587105c806974
  • SHA256: 5ee204e73d774718f344f40f2345b6eb443ed2da6196aef5cc66e7691f069849
  • SHA512: 2dbf18cd9a7e65a26456bad495b45835238890fbbaf417b804f33c2e0123014ddd547c89fceb1e18453db6c8a9088c0ac66794e4917a0609958308855f7b99f9
  • Raccoon: Simple but powerful infostealer which was very active in 2019.
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Install Root Certificate (T1130): 1
  • Modify Registry (T1112): 1

Tasks