Overview

overview

10

Static

static

d0269a9d4b...59.exe

windows7_x64

10

d0269a9d4b...59.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d0269a9d4b5f083fc263eef1210dfd59.exe

  • Size

    508KB

  • Sample

    210418-qpnj75dkes

  • MD5

    d0269a9d4b5f083fc263eef1210dfd59

  • SHA1

    bc47f8fe1476d8fc357ca10cd6090dcdaf357ff4

  • SHA256

    04285b9b14a3918ce4d49b86ec02f29f10407bd427ef40cb4a7aa5c32a6ff6a8

  • SHA512

    a1ad3e4d89536142ebfdaf216b3b6c9eb20dc959d8975ea2d6fec612c0628915274d4a06688756f4eabf69366dfe400a618362faf30ef200c22d7aaa8b455509

Score
10/10
raccoonbb8d3701ca5d8e031967c87b862623b34997b3d1stealer

Malware Config

Extracted

Family

raccoon

Botnet

bb8d3701ca5d8e031967c87b862623b34997b3d1

Attributes
  • url4cnc

    https://telete.in/jdiamond13

rc4.plain
rc4.plain

Targets

    • Target

      d0269a9d4b5f083fc263eef1210dfd59.exe

    • Size

      508KB

    • MD5

      d0269a9d4b5f083fc263eef1210dfd59

    • SHA1

      bc47f8fe1476d8fc357ca10cd6090dcdaf357ff4

    • SHA256

      04285b9b14a3918ce4d49b86ec02f29f10407bd427ef40cb4a7aa5c32a6ff6a8

    • SHA512

      a1ad3e4d89536142ebfdaf216b3b6c9eb20dc959d8975ea2d6fec612c0628915274d4a06688756f4eabf69366dfe400a618362faf30ef200c22d7aaa8b455509

    Score
    10/10
    raccoonbb8d3701ca5d8e031967c87b862623b34997b3d1stealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks