General

  • Target

    3aa41ad444d0f5d89f9c53a5677535f6.exe

  • Size

    549KB

  • Sample

    210223-jk388shn4x

  • MD5

    3aa41ad444d0f5d89f9c53a5677535f6

  • SHA1

    299665a9447471619814b577688694a6c30b5fdb

  • SHA256

    dbbc522719582c66077a06ac1b94fedeed360335d5762dbc78a5744d4309ce93

  • SHA512

    c96bb855050d72ce0936bad78976c6442faa8778dc9947f42b1eb3d2488fcfeb7ebb2eca022656b5e27692ae941f8e26e1e453ccf7c742cb2cdfb2d74ffa6247

Malware Config

Extracted

Family

raccoon

Botnet

99fdcb30af520f176f0e14e858c8bb23c13330d9

Attributes
  • url4cnc

    https://tttttt.me/jrrand0mer

  • rc4.plain

  • rc4.plain

Targets

    • Target

      3aa41ad444d0f5d89f9c53a5677535f6.exe

    • Size

      549KB

    • MD5

      3aa41ad444d0f5d89f9c53a5677535f6

    • SHA1

      299665a9447471619814b577688694a6c30b5fdb

    • SHA256

      dbbc522719582c66077a06ac1b94fedeed360335d5762dbc78a5744d4309ce93

    • SHA512

      c96bb855050d72ce0936bad78976c6442faa8778dc9947f42b1eb3d2488fcfeb7ebb2eca022656b5e27692ae941f8e26e1e453ccf7c742cb2cdfb2d74ffa6247

    • Raccoon

      Simple but powerful infostealer that was very active in 2019.

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic               Technique                      Count  ID
  Defense Evasion      Install Root Certificate       1      T1130
  Defense Evasion      Modify Registry                1      T1112
  Credential Access    Credentials in Files           2      T1081
  Discovery            Query Registry                 1      T1012
  Discovery            System Information Discovery   1      T1082
  Collection           Data from Local System         2      T1005
  Command and Control  Web Service                    1      T1102
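
The signature list and ATT&CK matrix above can be turned into detection logic. The following Python script is an added example, not output or code from the sandbox report: it tags a constructed stream of Sysmon-style endpoint events with the report's signature names and technique IDs. The url4cnc host comes from the extracted config; the browser, mail-client, Uninstall-key and root-certificate-store paths, the dropped DLL name, and the pairing of each signature with ATT&CK IDs are this example's assumptions, not values taken from the report.

```python
import re
from urllib.parse import urlparse

# From the report's extracted config (url4cnc); the host is what a proxy log would show.
URL4CNC = "https://tttttt.me/jrrand0mer"
C2_HOST = urlparse(URL4CNC).hostname

# Assumed Windows locations (not from the report) used to recognise each behaviour.
BROWSER_DATA = re.compile(
    r"\\AppData\\(Local\\Google\\Chrome\\User Data|Roaming\\Mozilla\\Firefox\\Profiles)\\", re.I)
EMAIL_DATA = re.compile(r"\\AppData\\Roaming\\Thunderbird\\Profiles\\", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
ROOT_CERT_STORE = re.compile(r"\\SystemCertificates\\ROOT\\Certificates\\", re.I)

# Signature name as printed in the report -> ATT&CK v6 IDs from the report's matrix.
# Which IDs belong to which signature is this example's reading, not the report's own.
TECHNIQUES = {
    "Reads user/profile data of web browsers": ("T1081", "T1005"),
    "Reads user/profile data of local email clients": ("T1081", "T1005"),
    "Checks installed software on the system": ("T1012",),
    "Install Root Certificate": ("T1130", "T1112"),
    "Legitimate hosting services abused for malware hosting/C2": ("T1102",),
    "Loads dropped DLL": (),
}


def classify(events):
    """Return {signature: [event indexes]} for one process's event stream.

    Each event is a dict with 'kind' (file_create, file_read, image_load,
    registry_query, registry_set, network) and 'target' (path, key or host).
    """
    hits = {}
    dropped = set()  # paths this process wrote, so a later load counts as "dropped DLL"

    def hit(name, idx):
        hits.setdefault(name, []).append(idx)

    for idx, ev in enumerate(events):
        kind, target = ev["kind"], ev["target"]
        if kind == "file_create":
            dropped.add(target.lower())
        elif kind == "image_load":
            if target.lower().endswith(".dll") and target.lower() in dropped:
                hit("Loads dropped DLL", idx)
        elif kind == "file_read":
            if BROWSER_DATA.search(target):
                hit("Reads user/profile data of web browsers", idx)
            elif EMAIL_DATA.search(target):
                hit("Reads user/profile data of local email clients", idx)
        elif kind == "registry_query" and UNINSTALL_KEY.search(target):
            hit("Checks installed software on the system", idx)
        elif kind == "registry_set" and ROOT_CERT_STORE.search(target):
            hit("Install Root Certificate", idx)
        elif kind == "network" and target.lower() == C2_HOST:
            hit("Legitimate hosting services abused for malware hosting/C2", idx)
    return hits


def techniques(hits):
    """Collapse signature hits into the sorted set of ATT&CK IDs they imply."""
    return sorted({tid for name in hits for tid in TECHNIQUES[name]})


# Constructed event stream (not sandbox output) shaped like this sample's behaviour.
SAMPLE_EVENTS = [
    {"kind": "file_create",    "target": r"C:\Users\victim\AppData\Local\Temp\sqlite3.dll"},
    {"kind": "image_load",     "target": r"C:\Users\victim\AppData\Local\Temp\sqlite3.dll"},
    {"kind": "registry_query", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"kind": "file_read",      "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"kind": "file_read",      "target": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abc.default\logins.json"},
    {"kind": "image_load",     "target": r"C:\Windows\System32\kernel32.dll"},  # system DLL, not dropped: no hit
    {"kind": "network",        "target": "tttttt.me"},
]

if __name__ == "__main__":
    found = classify(SAMPLE_EVENTS)
    for name, idxs in found.items():
        print(f"{name}: events {idxs} -> {TECHNIQUES[name]}")
    print("ATT&CK:", techniques(found))
```

Run against the constructed stream, every signature in the report's list fires except Install Root Certificate (no cert-store write is in the sample events), and the implied technique set is T1005, T1012, T1081 and T1102. Matching on the url4cnc host rather than the full URL is deliberate: proxy and DNS logs rarely carry the path, and a Telegram mirror domain contacted by a freshly dropped executable is the signal worth alerting on.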

Tasks