Overview

overview

10

Static

static

b3f20f07e7...49.exe

windows7_x64

10

b3f20f07e7...49.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b3f20f07e7aa1f94c85068af6a43c349.exe

  • Size

    555KB

  • Sample

    210227-r35vn3yken

  • MD5

    b3f20f07e7aa1f94c85068af6a43c349

  • SHA1

    dc16363df0389f57862368bdc04f793545ee09b1

  • SHA256

    41777ed7d655a1cb0fe45a38f46964172a7328b5620ecc4bfb83964988505b27

  • SHA512

    7a3ec771a038fcab69b156977a9d8e416905cad923513b9f221695a5b2134bc53792ff83d5c4f0885e024ca691007eeb1e121471f8d1307868a3243e84bd1d34

Score
10/10
raccoona3a85b69314053c3bb015532d1a960a3d08baeb8stealer

Malware Config

Extracted

Family

raccoon

Botnet

a3a85b69314053c3bb015532d1a960a3d08baeb8

Attributes
  • url4cnc

    https://telete.in/baudemars

rc4.plain
rc4.plain

Targets

    • Target

      b3f20f07e7aa1f94c85068af6a43c349.exe

    • Size

      555KB

    • MD5

      b3f20f07e7aa1f94c85068af6a43c349

    • SHA1

      dc16363df0389f57862368bdc04f793545ee09b1

    • SHA256

      41777ed7d655a1cb0fe45a38f46964172a7328b5620ecc4bfb83964988505b27

    • SHA512

      7a3ec771a038fcab69b156977a9d8e416905cad923513b9f221695a5b2134bc53792ff83d5c4f0885e024ca691007eeb1e121471f8d1307868a3243e84bd1d34

    Score
    10/10
    raccoona3a85b69314053c3bb015532d1a960a3d08baeb8stealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks