Overview

overview

10

Static

static

b36931871f...76.exe

windows7_x64

10

b36931871f...76.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b36931871f27cabc94055e912cdccd76.exe

  • Size

    449KB

  • Sample

    210323-bgenemyvks

  • MD5

    b36931871f27cabc94055e912cdccd76

  • SHA1

    aa4cc95bdeaa22a00aa6ed9e5d6e8525ff9887a4

  • SHA256

    e48620af676ceaf029827a84f094f647146c490f867b13a49a20493cfa4aea7c

  • SHA512

    af4db7fc94375642133db1008885b50e532aac1be10033d22dac9473b4fcd528f989e0b90c32f732eb6b9312ca9cdf9f00366677fd6037538fae576795e22c3d

Score
10/10
raccoon2ce901d964b370c5ccda7e4d68354ba040db8218discoveryspywarestealer

Malware Config

Extracted

Family

raccoon

Botnet

2ce901d964b370c5ccda7e4d68354ba040db8218

Attributes
  • url4cnc

    https://telete.in/tomarsjsmith3

rc4.plain
rc4.plain

Targets

    • Target

      b36931871f27cabc94055e912cdccd76.exe

    • Size

      449KB

    • MD5

      b36931871f27cabc94055e912cdccd76

    • SHA1

      aa4cc95bdeaa22a00aa6ed9e5d6e8525ff9887a4

    • SHA256

      e48620af676ceaf029827a84f094f647146c490f867b13a49a20493cfa4aea7c

    • SHA512

      af4db7fc94375642133db1008885b50e532aac1be10033d22dac9473b4fcd528f989e0b90c32f732eb6b9312ca9cdf9f00366677fd6037538fae576795e22c3d

    Score
    10/10
    raccoon2ce901d964b370c5ccda7e4d68354ba040db8218discoveryspywarestealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks