General

  • Target

    8c9b46d8c682557e142bf5e96b70709a.exe

  • Size

    1.1MB

  • Sample

    210620-xj6msfd952

  • MD5

    8c9b46d8c682557e142bf5e96b70709a

  • SHA1

    84f206e3f782a58c122be02dc107210ac894e6ea

  • SHA256

    5146dcf82d334df70b5d75763f4625af0694934aa667e9faaadfad02c56c85a9

  • SHA512

    017c633aa367be830103b0decfaed0dba646052211ed9385cf0d4cda9b905823df4d667e18910241b07de0753c4a388e6af77632719204ca4bae6f56ec108132

Malware Config

Targets

    • Target

      8c9b46d8c682557e142bf5e96b70709a.exe

    • Size

      1.1MB

    • MD5

      8c9b46d8c682557e142bf5e96b70709a

    • SHA1

      84f206e3f782a58c122be02dc107210ac894e6ea

    • SHA256

      5146dcf82d334df70b5d75763f4625af0694934aa667e9faaadfad02c56c85a9

    • SHA512

      017c633aa367be830103b0decfaed0dba646052211ed9385cf0d4cda9b905823df4d667e18910241b07de0753c4a388e6af77632719204ca4bae6f56ec108132

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks