General

  • Target

    4608c6fb1d3fa352a57e4f45661a3c11.exe

  • Size

    519KB

  • Sample

    210416-9d3exmb5tx

  • MD5

    4608c6fb1d3fa352a57e4f45661a3c11

  • SHA1

    c5c4d25841f1829dae17405934b931653c5f3980

  • SHA256

    c609c257eaa84273642b03d2b12337f5e64c16ce6bdd0abfd25a557aa94d06b0

  • SHA512

    4667c22a08754a2920f76b38a27085af54c64b3972c72214b7826d6b2350944ada159f62cfe9f7096b7895b3d4ceafa5c4076834dbab2337ebd09fc4f02c46a0

Malware Config

Extracted

Family

raccoon

Botnet

16992cd33145ccbb6feeacb4e84400a56448fa14

Attributes
  • url4cnc

    https://telete.in/baudemars

rc4.plain
rc4.plain

Targets

    • Target

      4608c6fb1d3fa352a57e4f45661a3c11.exe

    • Size

      519KB

    • MD5

      4608c6fb1d3fa352a57e4f45661a3c11

    • SHA1

      c5c4d25841f1829dae17405934b931653c5f3980

    • SHA256

      c609c257eaa84273642b03d2b12337f5e64c16ce6bdd0abfd25a557aa94d06b0

    • SHA512

      4667c22a08754a2920f76b38a27085af54c64b3972c72214b7826d6b2350944ada159f62cfe9f7096b7895b3d4ceafa5c4076834dbab2337ebd09fc4f02c46a0

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks