General

  • Target

    18f6edcc25f8528d841203138beedaee611f3b3d17fbc5e13be8fd744ca413ed

  • Size

    457KB

  • Sample

    210224-zvazej7jfj

  • MD5

    0c03665999420539851127b4a1c911ba

  • SHA1

    8648ef41c017c26841a280cc94640e3f4a26fd3b

  • SHA256

    18f6edcc25f8528d841203138beedaee611f3b3d17fbc5e13be8fd744ca413ed

  • SHA512

    70294b944096b87b2736d6b147230b0758de18860b1a05f1f359430fed697ad0423450eaaccead8f1c4a14429feda134c8e5c95e23133ef258cdc8830a3bd847

Malware Config

Extracted

Family

raccoon

Botnet

10c0109881f18ecf348e972501134667c0680a0c

Attributes
  • url4cnc

    https://telete.in/h_spon_1

rc4.plain

Targets

    • Target

      18f6edcc25f8528d841203138beedaee611f3b3d17fbc5e13be8fd744ca413ed

    • Size

      457KB

    • MD5

      0c03665999420539851127b4a1c911ba

    • SHA1

      8648ef41c017c26841a280cc94640e3f4a26fd3b

    • SHA256

      18f6edcc25f8528d841203138beedaee611f3b3d17fbc5e13be8fd744ca413ed

    • SHA512

      70294b944096b87b2736d6b147230b0758de18860b1a05f1f359430fed697ad0423450eaaccead8f1c4a14429feda134c8e5c95e23133ef258cdc8830a3bd847

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Install Root Certificate (T1130): 1
    Modify Registry (T1112): 1

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 2

Tasks