General

  • Target

    affb7dbf9afd509b9ab184b02bddb171.exe

  • Size

    495KB

  • Sample

    211001-esls9aahbl

  • MD5

    affb7dbf9afd509b9ab184b02bddb171

  • SHA1

    432a0a51ff8561e271ecebdcd5114ae894c671db

  • SHA256

    76a6295a7b1e6854ab42e24d1ecca629d45203fb759575dad0fdb5e2e3150ee9

  • SHA512

    74b901db573313c68e295e5a533972cb8143359beddab350938a97f05ce8c09eb2222afcb7b54e9d05eb604cb09f07f817e2be1346bfbea99148fd0843343e43

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    f6d7183c9e82d2a9b81e6c0608450aa66cefb51f

  • Attributes

    url4cnc: https://t.me/justoprostohello

    rc4.plain

Targets

    • Target

      affb7dbf9afd509b9ab184b02bddb171.exe

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

    • suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                     Count  ID
  Execution             Scheduled Task                1      T1053
  Persistence           Scheduled Task                1      T1053
  Privilege Escalation  Scheduled Task                1      T1053
  Credential Access     Credentials in Files          2      T1081
  Discovery             Query Registry                1      T1012
  Discovery             System Information Discovery  1      T1082
  Collection            Data from Local System        2      T1005

Tasks