2f9512ec165fc862fe335427c3e6a7a7d17d78616e718.exe

General

Target: 2f9512ec165fc862fe335427c3e6a7a7d17d78616e718.exe
Size: 430KB
Sample: 210926-rcscbaehal
Score: 10/10
MD5: 741a9262c19fd5a2c02850b23399f292
SHA1: 72fa107db787f464071e0ad460d4802530e2c7d6
SHA256: 2f9512ec165fc862fe335427c3e6a7a7d17d78616e71847426a4dc1ce48164e0
SHA512: 4a426ce2d8eb96f7b42cfb32ff16e2ef817feeee96c878dec39620a74f33e63c8350522ba7daada6cb5ceef63cc92b4444377b0cd21e556371513c7259daa5ae

Malware Config

Extracted

Family: raccoon
Botnet: 5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4
Attributes:
  url4cnc: https://t.me/agrybirdsgamerept
  rc4.plain
  rc4.plain
Signatures

  • Raccoon
    Description: Simple but powerful infostealer which was very active in 2019.

  • suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

  • suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of local email clients
    Description: Email clients store some user data on disk, where infostealers will often target it.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

Related Tasks

MITRE ATT&CK Matrix (tactic columns): Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation