General

  • Target

    5efc99d9f6a8e501f7196aac0c8f82c5.exe

  • Size

    555KB

  • Sample

    210227-wbz2vss7le

  • MD5

    5efc99d9f6a8e501f7196aac0c8f82c5

  • SHA1

    61565efdd1d8300d91795fd514219c6f92a1ef3e

  • SHA256

    48543c618981b229afd8f50a0cc5581e4325d098b1fc95c3074609d31e5e86a3

  • SHA512

    f43d2b1b397a18c249ab83fbe944ba6e0421497ed3a3cb3247b10ba0ef663674902713fa6a55e6c5662f171d25cc91262bb99c004f669bb6e59b10006f2e1d93

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    a3a85b69314053c3bb015532d1a960a3d08baeb8

  • Attributes

    • url4cnc

      https://telete.in/baudemars

    • rc4.plain

    • rc4.plain

Targets

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    • Install Root Certificate (1) - T1130

    • Modify Registry (1) - T1112
