raccoon | 3b984a63a50b7944b756e98cb6623256be3b8d44485c920de3686045c11b2cc6

Analysis

max time kernel
13s
max time network
102s
platform
windows10_x64
resource
win10v20201028
submitted
24-02-2021 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

E910.tmp.exe
Size

463KB
MD5

a1080d84ad1bb335d068c44407b8e95a
SHA1

78ec708c6dafcd9763d791d749c54b0b70d4881f
SHA256

3b984a63a50b7944b756e98cb6623256be3b8d44485c920de3686045c11b2cc6
SHA512

cb5c216644878f83709250bdec13948b53b64f7db9bd56b1eb062c7806e62ebdfc778f91e1c6153a84aa6e37970cab7f007d8458d05dc06c8ba4a0ae9f49ec63

Score

10^/10

raccoon 9ba64f4b6fe448911470a88f09d6e7d5b92ff0ab discovery spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

9ba64f4b6fe448911470a88f09d6e7d5b92ff0ab

Attributes

url4cnc
https://telete.in/jagressor_kz

rc4.plain

Signatures

Raccoon
Simple but powerful infostealer which was very active in 2019.
stealer raccoon
Loads dropped DLL 1 IoCs

Processes:

E910.tmp.exe

pid process

4760 E910.tmp.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
4760	E910.tmp.exe

C:\Users\Admin\AppData\Local\Temp\E910.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\E910.tmp.exe"
1⤵
- Loads dropped DLL
PID:4760

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\LocalLow\sqlite3.dll
MD5
f964811b68f9f1487c2b41e1aef576ce

SHA1
b423959793f14b1416bc3b7051bed58a1034025f

SHA256
83bc57dcf282264f2b00c21ce0339eac20fcb7401f7c5472c0cd0c014844e5f7

SHA512
565b1a7291c6fcb63205907fcd9e72fc2e11ca945afc4468c378edba882e2f314c2ac21a7263880ff7d4b84c2a1678024c1ac9971ac1c1de2bfa4248ec0f98c4

Download Submit
memory/4760-2-0x0000000000E50000-0x0000000000E51000-memory.dmp

Filesize
4KB

Download
memory/4760-3-0x0000000000C50000-0x0000000000CE2000-memory.dmp

Filesize
584KB

Download
memory/4760-4-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download