General

  • Target

    3137257bbaf3a228417da9bc3abc63ca.exe

  • Size

    525KB

  • Sample

    210322-lt5vv9bpmn

  • MD5

    3137257bbaf3a228417da9bc3abc63ca

  • SHA1

    73898dd0d6591b9dd6a9a8cd1c2b909219824488

  • SHA256

    f7b38e4972a5db6c45a63c5003b5bdc89cd8b93311af6be7f292e25cc9a8b072

  • SHA512

    6160678fd275fe3aceb2eda1736e9a939ebdf10f1823575fe43e47ed39a1b8141e486ea99461c12421f5f2a126f7253b1cd44ba75f6390a94a1f356bd9e1dd2e

Malware Config

Extracted

Family

raccoon

Botnet

2ce901d964b370c5ccda7e4d68354ba040db8218

Attributes
  • url4cnc

    https://telete.in/tomarsjsmith3

rc4.plain

Targets

    • Target

      3137257bbaf3a228417da9bc3abc63ca.exe

    • Size

      525KB

    • MD5

      3137257bbaf3a228417da9bc3abc63ca

    • SHA1

      73898dd0d6591b9dd6a9a8cd1c2b909219824488

    • SHA256

      f7b38e4972a5db6c45a63c5003b5bdc89cd8b93311af6be7f292e25cc9a8b072

    • SHA512

      6160678fd275fe3aceb2eda1736e9a939ebdf10f1823575fe43e47ed39a1b8141e486ea99461c12421f5f2a126f7253b1cd44ba75f6390a94a1f356bd9e1dd2e

    • Raccoon

      Simple but capable infostealer that was very active in 2019.

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store user data (accounts, saved credentials) on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
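
The hashes and the extracted url4cnc value above are the indicators a defender takes away from this report. The following is an added example, not code from the sandbox or from the Raccoon authors, that turns them into a small matcher and runs it over constructed telemetry. Only the four digests and the url4cnc URL come from the report; the JSON event schema (`type`, `sha256`, `query`, `host`, `url`) and the sample events are assumptions made for the example.

```python
"""Added example (not the sandbox's code): match this report's IOCs
against constructed JSON-lines telemetry.

Only the four hashes and the url4cnc value are taken from the report.
The event schema is an assumption for this example, and every sample
event below is constructed, not captured."""
import hashlib
import json
from urllib.parse import urlparse

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "3137257bbaf3a228417da9bc3abc63ca",
    "sha1": "73898dd0d6591b9dd6a9a8cd1c2b909219824488",
    "sha256": "f7b38e4972a5db6c45a63c5003b5bdc89cd8b93311af6be7f292e25cc9a8b072",
    "sha512": "6160678fd275fe3aceb2eda1736e9a939ebdf10f1823575fe43e47ed39a1b814"
              "1e486ea99461c12421f5f2a126f7253b1cd44ba75f6390a94a1f356bd9e1dd2e",
}
URL4CNC = "https://telete.in/tomarsjsmith3"
C2_HOST = urlparse(URL4CNC).hostname   # "telete.in"
C2_PATH = urlparse(URL4CNC).path       # "/tomarsjsmith3"


def hash_bytes(data: bytes) -> dict:
    """Digest a file image with the four algorithms the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def hash_hits(data: bytes) -> list:
    """Algorithms whose digest of `data` equals the report's value.
    Anything other than the real sample yields an empty list."""
    digests = hash_bytes(data)
    return sorted(algo for algo, h in digests.items() if h == REPORT_HASHES[algo])


def scan_events(lines) -> list:
    """Match JSON-lines telemetry against the report's IOCs.

    Assumed (constructed) schema: each record has "type"; process records
    carry "sha256", dns records "query", http records "host" and "url".
    Returns one (line_number, reason) tuple per hit, in input order."""
    hits = []
    for number, line in enumerate(lines, start=1):
        rec = json.loads(line)
        kind = rec.get("type")
        if kind == "process" and rec.get("sha256", "").lower() == REPORT_HASHES["sha256"]:
            hits.append((number, "process image sha256 matches report"))
        elif kind == "dns" and rec.get("query", "").lower() == C2_HOST:
            hits.append((number, "dns query for url4cnc host"))
        elif kind == "http":
            parsed = urlparse(rec.get("url", ""))
            if parsed.hostname == C2_HOST and parsed.path == C2_PATH:
                # Full match on host and channel path: the config value itself.
                hits.append((number, "request to url4cnc url"))
            elif rec.get("host", "").lower() == C2_HOST or parsed.hostname == C2_HOST:
                # Host-only match: a weaker indicator than the full channel path.
                hits.append((number, "request to url4cnc host, other path"))
    return hits


# Constructed telemetry; none of this is captured data.
SAMPLE_EVENTS = [
    json.dumps({"type": "process", "image": "invoice.exe",
                "sha256": REPORT_HASHES["sha256"].upper()}),
    json.dumps({"type": "dns", "query": "telete.in"}),
    json.dumps({"type": "http", "host": "telete.in",
                "url": "https://telete.in/tomarsjsmith3"}),
    json.dumps({"type": "http", "host": "telete.in",
                "url": "https://telete.in/somethingelse"}),
    json.dumps({"type": "http", "host": "example.com",
                "url": "https://example.com/"}),
    json.dumps({"type": "process", "image": "explorer.exe",
                "sha256": "0" * 64}),
]

if __name__ == "__main__":
    for number, reason in scan_events(SAMPLE_EVENTS):
        print(f"line {number}: {reason}")
    print("hash hits for a dummy file:", hash_hits(b"not the sample"))
```

The file hashes identify only this build; a repacked sample changes every digest but not necessarily the configured url4cnc value, so the full channel URL is the indicator worth keeping alongside them. Matching on the host alone is recorded separately because it is weaker evidence than a request for the exact channel path from the config.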

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic, then technique (ID): count

Defense Evasion
  • Install Root Certificate (T1130): 1
  • Modify Registry (T1112): 1

Credential Access
  • Credentials in Files (T1081): 2

Discovery
  • Query Registry (T1012): 1

Collection
  • Data from Local System (T1005): 2

Tasks