General

  • Target

    7032d1372b6923b75f668a04b0a36834.exe

  • Size

    459KB

  • Sample

    210323-be29nvqswj

  • MD5

    7032d1372b6923b75f668a04b0a36834

  • SHA1

    4d47315386785d44da6a44a654c459e8ace90618

  • SHA256

    8c9604ea096cd0a680d183f1f9b2a53d2cce276c7d86efdf21d3dd6bffead1f5

  • SHA512

    751479ff7e9e8e191ad41672ad6cceb2b25d88f152d9997fe56b441e1bdd28be0f251058d5a88e238eee0a8345f79c86f37d5592029e4461c2853dfe0aa69604

Malware Config

Extracted

Family

raccoon

Botnet

2ce901d964b370c5ccda7e4d68354ba040db8218

Attributes
  • url4cnc

    https://telete.in/tomarsjsmith3

  • rc4.plain

Targets

    • Target

      7032d1372b6923b75f668a04b0a36834.exe


    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    T1130 Install Root Certificate (1)
    T1112 Modify Registry (1)

  • Credential Access

    T1081 Credentials in Files (2)

  • Discovery

    T1012 Query Registry (1)

  • Collection

    T1005 Data from Local System (2)