General

  • Target

    phantomm.exe

  • Size

    530KB

  • Sample

    210415-nkq9aylc1a

  • MD5

    b1c3e5d3e9e68b69e982d4e04eee6d15

  • SHA1

    0af0726ba9a6b7f36da1520f01684fb87b263910

  • SHA256

    dffcb738108f42f0156363e07bbf21004e17faa3cbb5021bca9a175d69e859e0

  • SHA512

    7c30c9fc34031fee3d0ec809d1208f93447e702168f1874b130e917e9e61172f68fbd4d6d28c120462b8294d78738ccadf0d04dcc71d4dd145397ea8250cfc44

Malware Config

Extracted

Family

raccoon

Botnet

16992cd33145ccbb6feeacb4e84400a56448fa14

Attributes
  • url4cnc

    https://telete.in/baudemars

rc4.plain

Targets

    • Target

      phantomm.exe

    • Size

      530KB

    • MD5

      b1c3e5d3e9e68b69e982d4e04eee6d15

    • SHA1

      0af0726ba9a6b7f36da1520f01684fb87b263910

    • SHA256

      dffcb738108f42f0156363e07bbf21004e17faa3cbb5021bca9a175d69e859e0

    • SHA512

      7c30c9fc34031fee3d0ec809d1208f93447e702168f1874b130e917e9e61172f68fbd4d6d28c120462b8294d78738ccadf0d04dcc71d4dd145397ea8250cfc44

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic             Technique                  Count  ID
Defense Evasion    Install Root Certificate   1      T1130
Defense Evasion    Modify Registry            1      T1112
Credential Access  Credentials in Files       2      T1081
Discovery          Query Registry             1      T1012
Collection         Data from Local System     2      T1005

Tasks