Overview

overview

10

Static

static

7052ad910e...9b.exe

windows7_x64

10

7052ad910e...9b.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7052ad910ee7b7f7b15c86e59fc9b09d83b6501bf929b.exe

  • Size

    542KB

  • Sample

    210508-qtmrd9e9ha

  • MD5

    23fed1c9856f4e0565d76ba346197dbc

  • SHA1

    ba795084b2b4b46b9f66fddc1fd908cc87fd852b

  • SHA256

    7052ad910ee7b7f7b15c86e59fc9b09d83b6501bf929b737a2c0b8b1d7d04d5c

  • SHA512

    ff807b61069827af82fa727bd52835ad4f84139c6ed4900e6043711f5f2ad85cac54696618781da93e835c04a2c4377ed65e934b5cfdc6588129bf177564b7aa

Score
10/10
raccoona3a85b69314053c3bb015532d1a960a3d08baeb8stealer

Malware Config

Extracted

Family

raccoon

Botnet

a3a85b69314053c3bb015532d1a960a3d08baeb8

Attributes
  • url4cnc

    https://telete.in/baudemars

rc4.plain
rc4.plain

Targets

    • Target

      7052ad910ee7b7f7b15c86e59fc9b09d83b6501bf929b.exe

    • Size

      542KB

    • MD5

      23fed1c9856f4e0565d76ba346197dbc

    • SHA1

      ba795084b2b4b46b9f66fddc1fd908cc87fd852b

    • SHA256

      7052ad910ee7b7f7b15c86e59fc9b09d83b6501bf929b737a2c0b8b1d7d04d5c

    • SHA512

      ff807b61069827af82fa727bd52835ad4f84139c6ed4900e6043711f5f2ad85cac54696618781da93e835c04a2c4377ed65e934b5cfdc6588129bf177564b7aa

    Score
    10/10
    raccoona3a85b69314053c3bb015532d1a960a3d08baeb8stealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks