e6c8bc74b134a6e758d09ac2756cf9256fefd5ab2985a3bea7fcd4e9593c1926

General

Target: e6c8bc74b134a6e758d09ac2756cf9256fefd5ab2985a3bea7fcd4e9593c1926
Size: 483KB
Sample: 210926-rg4wxaehap
Score: 10/10
MD5: 15f4beea08a4d087fc859abefac17fc7
SHA1: dbffa25e492c5e9f8c95f8f4831c14dec7f3f9da
SHA256: e6c8bc74b134a6e758d09ac2756cf9256fefd5ab2985a3bea7fcd4e9593c1926
SHA512: e1aa86c2cca518fd103822fa68dbf0670b1daa728a1537857b9e33fcff50a91c99bada6228e058805474c95c6f1ed07d1ded891aaa498414346e814a302c919c

Malware Config

Extracted

Family: raccoon
Botnet: 5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4
Attributes:
  • url4cnc: https://t.me/agrybirdsgamerept
  • rc4.plain
  • rc4.plain

Signatures

  • Raccoon
    Description: Simple but powerful infostealer which was very active in 2019.

  • suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

  • suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of local email clients
    Description: Email clients store some user data on disk where infostealers will often target it.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation