General

  • Target

    863a8a21eb99b20d4220540da5bc05c3.exe

  • Size

    560KB

  • Sample

    210922-h2ggnseeep

  • MD5

    863a8a21eb99b20d4220540da5bc05c3

  • SHA1

    8c6b6b2922f8e5855b209a89caa85fa5e7141e36

  • SHA256

    f97dba49c60aecda455799132bacbfbca94c45e2eee2e9b01c11a485e53a4845

  • SHA512

    d02989d098a89a4ca5072442156b2ed4a0f369c78b32402e2558e4083fd9522f7fe35f95f7959ed8471d7901bf59ae1ebdbb107feffe105de147a7f355faa4f4

Malware Config

Extracted

Family

raccoon

Botnet

3a0693aace391ad57b292defd202847793de4c76

Attributes
  • url4cnc

    https://telete.in/agrybirdsgamerept

rc4.plain
rc4.plain

Targets

    • Target

      863a8a21eb99b20d4220540da5bc05c3.exe

    • Size

      560KB

    • MD5

      863a8a21eb99b20d4220540da5bc05c3

    • SHA1

      8c6b6b2922f8e5855b209a89caa85fa5e7141e36

    • SHA256

      f97dba49c60aecda455799132bacbfbca94c45e2eee2e9b01c11a485e53a4845

    • SHA512

      d02989d098a89a4ca5072442156b2ed4a0f369c78b32402e2558e4083fd9522f7fe35f95f7959ed8471d7901bf59ae1ebdbb107feffe105de147a7f355faa4f4

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks