Description
Simple but powerful infostealer which was very active in 2019.
f0d6b6de5eadb2edf11dce199030f150d6a1597fde159c0f8e7491e13fcf26c1
General
Target
Size
Sample
f0d6b6de5eadb2edf11dce199030f150d6a1597fde159c0f8e7491e13fcf26c1
560KB
210922-h7srwseegm
Score
10 /10
MD5
SHA1
SHA256
SHA512
72dafc4033046a1406b08fff6c9edbae
18fde5c7adb6152e155017af5219995fe615486c
f0d6b6de5eadb2edf11dce199030f150d6a1597fde159c0f8e7491e13fcf26c1
8a767cd7aafda33d393fa5eb4fbf4d782c77bb8b61931365e424af630a87bd5af3bea452f1ef6cdfe0b69ebaa63cc4d869f311ffc248652a2bdd6a3670fe2ee2
Malware Config
Extracted
| Family | raccoon |
| Botnet | 3a0693aace391ad57b292defd202847793de4c76 |
| Attributes |
url4cnc
https://telete.in/agrybirdsgamerept
|
| rc4.plain |
|
| rc4.plain |
|
Targets
Target
MD5
Filesize
f0d6b6de5eadb2edf11dce199030f150d6a1597fde159c0f8e7491e13fcf26c1
72dafc4033046a1406b08fff6c9edbae
560KB
Score
10 /10
SHA1
SHA256
SHA512
18fde5c7adb6152e155017af5219995fe615486c
f0d6b6de5eadb2edf11dce199030f150d6a1597fde159c0f8e7491e13fcf26c1
8a767cd7aafda33d393fa5eb4fbf4d782c77bb8b61931365e424af630a87bd5af3bea452f1ef6cdfe0b69ebaa63cc4d869f311ffc248652a2bdd6a3670fe2ee2
Tags
Signatures
-
Raccoon
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Description
Email clients store some user data on disk where infostealers will often target it.
Tags
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks