Overview

overview

10

Static

static

ฺฺฺà...ฺฺ

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    48441870358.exe

  • Size

    861KB

  • Sample

    210322-dv7jgyzz5e

  • MD5

    d955a83fd9673e4cb18f04a5a27dce76

  • SHA1

    f79d286030dee02f9dfe0254b96b2b36f640bc7f

  • SHA256

    aa28c45fdbbb903b0dcfaa9e7ba9461ea02bb3f1dcaa9ace2082e14fdbcda73b

  • SHA512

    22e8ad2bb11dd76d3d6d61c948fc86119994aaa907d49aaef470be81d12bbd2bf8447063efb6993d50848a4c399d670aad0bdfc78284fb2c1adde626256650e3

Score
10/10
raccoonc46f13f8aadc028907d65c627fd9163161661f6cdiscoveryspywarestealer

Malware Config

Extracted

Family

raccoon

Botnet

c46f13f8aadc028907d65c627fd9163161661f6c

Attributes
  • url4cnc

    https://telete.in/capibar

rc4.plain
rc4.plain

Targets

    • Target

      48441870358.exe

    • Size

      861KB

    • MD5

      d955a83fd9673e4cb18f04a5a27dce76

    • SHA1

      f79d286030dee02f9dfe0254b96b2b36f640bc7f

    • SHA256

      aa28c45fdbbb903b0dcfaa9e7ba9461ea02bb3f1dcaa9ace2082e14fdbcda73b

    • SHA512

      22e8ad2bb11dd76d3d6d61c948fc86119994aaa907d49aaef470be81d12bbd2bf8447063efb6993d50848a4c399d670aad0bdfc78284fb2c1adde626256650e3

    Score
    10/10
    raccoonc46f13f8aadc028907d65c627fd9163161661f6cdiscoveryspywarestealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks