General

  • Target

    9584fdd0093f7612a06159f37e50aa32.exe

  • Size

    556KB

  • Sample

    210227-y5cxv3psk6

  • MD5

    9584fdd0093f7612a06159f37e50aa32

  • SHA1

    3f4240e7bcdd940ecfd6e74cdb776fd9fe9a42c9

  • SHA256

    84c9d8e33e9bbff6837052a08a5d6f61d3a5815898a24b0739413ed1feb56976

  • SHA512

    114377569dbd93221aeecffd19d9f760c2764db07551edd5b0c3256881cdc9047e20368e632093a3d965ee401eea1a70e88d0e37b48937c25b7d6e4c9b8de7cb

Malware Config

Extracted

Family

raccoon

Botnet

a3a85b69314053c3bb015532d1a960a3d08baeb8

Attributes
  • url4cnc

    https://telete.in/baudemars

  • rc4.plain

Targets

    • Raccoon

      Simple but powerful infostealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Install Root Certificate (T1130): 1

  • Modify Registry (T1112): 1

Tasks