General

  • Target

    c92d9c2733688e8d2a795be531773dea.exe

  • Size

    555KB

  • Sample

    211001-f11g2sbaal

  • MD5

    c92d9c2733688e8d2a795be531773dea

  • SHA1

    7884752a9e308593763f57f0327d1e7d0a5f4df9

  • SHA256

    8a50273435f6be7e9a3260ee25ef07ec04c856c239d39830a12145daec79371e

  • SHA512

    4b3fcca8222bed282589d2ad1feb9fbb671a1f1291c759d3faa67b8834c3f570a8c02760bcd6adac3f40d85453e8a076e8619b016f4a46da8e01a809612195f2

Malware Config

Extracted

Family

raccoon

Botnet

f6d7183c9e82d2a9b81e6c0608450aa66cefb51f

Attributes
  • url4cnc

    https://t.me/justoprostohello

rc4.plain
rc4.plain

Targets

    • Target

      c92d9c2733688e8d2a795be531773dea.exe

    • Size

      555KB

    • MD5

      c92d9c2733688e8d2a795be531773dea

    • SHA1

      7884752a9e308593763f57f0327d1e7d0a5f4df9

    • SHA256

      8a50273435f6be7e9a3260ee25ef07ec04c856c239d39830a12145daec79371e

    • SHA512

      4b3fcca8222bed282589d2ad1feb9fbb671a1f1291c759d3faa67b8834c3f570a8c02760bcd6adac3f40d85453e8a076e8619b016f4a46da8e01a809612195f2

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

      suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

    • suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

      suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Collection

Data from Local System

2
T1005

Tasks