General

  • Target

    0589280a7a554285429731543a7f3886

  • Size

    424KB

  • Sample

    210926-tnexgafbb9

  • MD5

    0589280a7a554285429731543a7f3886

  • SHA1

    2598f90072e52b3b69802d90f6fe5515ec9ccd3c

  • SHA256

    c95e030ce474b618807651b9fae00d60ca9ec0abef25ff0cbd732b7280849a30

  • SHA512

    9901dc1842618e2a1b7c103abe6e191f609a3ac0044c8a092ac047a0bac3206f0a3cfde7d5cc2f2c4608e155e39fbd311ac0ccbd2cd22893b6881faae7a178f9

Malware Config

Extracted

Family

raccoon

Botnet

5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4

Attributes
  • url4cnc

    https://t.me/agrybirdsgamerept

rc4.plain
rc4.plain

Targets

    • Target

      0589280a7a554285429731543a7f3886

    • Size

      424KB

    • MD5

      0589280a7a554285429731543a7f3886

    • SHA1

      2598f90072e52b3b69802d90f6fe5515ec9ccd3c

    • SHA256

      c95e030ce474b618807651b9fae00d60ca9ec0abef25ff0cbd732b7280849a30

    • SHA512

      9901dc1842618e2a1b7c103abe6e191f609a3ac0044c8a092ac047a0bac3206f0a3cfde7d5cc2f2c4608e155e39fbd311ac0ccbd2cd22893b6881faae7a178f9

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks