Overview

overview

10

Static

static

SecuriteIn...26.exe

windows7_x64

10

SecuriteIn...26.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.BackDoor.Siggen2.247.25159.15326

  • Size

    2.3MB

  • Sample

    210223-37knvjytjj

  • MD5

    5b60d41bd93869e36d90775be1ae7830

  • SHA1

    d3c63b6d2f389c25071ab7bfee6370ae3e11f7d8

  • SHA256

    4fd202b93cc2d13fbf7ca7de657a4c1e2f979a027bc49600604720ff5588f5a0

  • SHA512

    230489316593278d53dc360216185c321604dc61ae6dc699afcec3d2f739b04559d2854f8460e0fdb9f1ab1dc713d237b050828c16a57cad0bf50f1de65e460c

Score
10/10
raccoon6bbb1ff45f4a7a29bea0350b103adad3e7f6df63stealer

Malware Config

Extracted

Family

raccoon

Botnet

6bbb1ff45f4a7a29bea0350b103adad3e7f6df63

Attributes
  • url4cnc

    https://tttttt.me/jojmalbec

rc4.plain
rc4.plain

Targets

    • Target

      SecuriteInfo.com.BackDoor.Siggen2.247.25159.15326

    • Size

      2.3MB

    • MD5

      5b60d41bd93869e36d90775be1ae7830

    • SHA1

      d3c63b6d2f389c25071ab7bfee6370ae3e11f7d8

    • SHA256

      4fd202b93cc2d13fbf7ca7de657a4c1e2f979a027bc49600604720ff5588f5a0

    • SHA512

      230489316593278d53dc360216185c321604dc61ae6dc699afcec3d2f739b04559d2854f8460e0fdb9f1ab1dc713d237b050828c16a57cad0bf50f1de65e460c

    Score
    10/10
    raccoon6bbb1ff45f4a7a29bea0350b103adad3e7f6df63stealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks