77b01d21a55c52756c16e6355c5a6ec4.exe

General
Target

77b01d21a55c52756c16e6355c5a6ec4.exe

Size

430KB

Sample

210926-qbhk2segfl

Score
10 /10
MD5

77b01d21a55c52756c16e6355c5a6ec4

SHA1

a38f70512aad190cea6085905b9a17865c2c6db4

SHA256

dec0265226f1b0fcbcd3570d1fabb2b97a26b0fa575026782f169e7d1d282df5

SHA512

993d5df996026ae57fb0cb92908c166c2d543ad04d2ba5601153e36caba1dbc844e35e252294e2dbe2e857a64f892d0c25b26b43d4364fa7d54abad5ba109f83

Malware Config

Extracted

Family raccoon
Botnet f6d7183c9e82d2a9b81e6c0608450aa66cefb51f
Attributes
url4cnc
https://t.me/justoprostohello
rc4.plain
rc4.plain
Targets
Target

77b01d21a55c52756c16e6355c5a6ec4.exe

MD5

77b01d21a55c52756c16e6355c5a6ec4

Filesize

430KB

Score
10 /10
SHA1

a38f70512aad190cea6085905b9a17865c2c6db4

SHA256

dec0265226f1b0fcbcd3570d1fabb2b97a26b0fa575026782f169e7d1d282df5

SHA512

993d5df996026ae57fb0cb92908c166c2d543ad04d2ba5601153e36caba1dbc844e35e252294e2dbe2e857a64f892d0c25b26b43d4364fa7d54abad5ba109f83

Tags

Signatures

  • Raccoon

    Description

    Simple but powerful infostealer which was very active in 2019.

    Tags

  • suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

    Description

    suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

    Tags

  • suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

    Description

    suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

    Tags

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk where infostealers will often target it.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                Privilege Escalation