General
Target

c792a79219ef722a7b0f45b0c59beea8

Size

545KB

Sample

211001-y5jzzadcdp

Score
10/10
MD5

c792a79219ef722a7b0f45b0c59beea8

SHA1

8d06d36168c7147655b54ef43c525bf25916073c

SHA256

25f0da89dfe9a691b9cd1b684d152e51796e90dda51b7bf9a962abd1d7a9fcb1

SHA512

db167eea04ff78ed42c18c7de5810c1a4eeb6ce427c85cd2f8df14ea8d73e74980e5b0355b049782fa67aefd6d3a85440e006892a644a72cce662a5ed2b4eb19

Malware Config

Extracted

Family

raccoon

Version

1.8.2

Botnet

1ec902112b48b86eaf116e67218e531d05852427

Attributes
url4cnc
http://teletop.top/papatikmikr0
http://teleta.top/papatikmikr0
https://t.me/papatikmikr0
rc4.plain
rc4.plain
Targets
Target

c792a79219ef722a7b0f45b0c59beea8

MD5

c792a79219ef722a7b0f45b0c59beea8

Filesize

545KB

Score
10/10
SHA1

8d06d36168c7147655b54ef43c525bf25916073c

SHA256

25f0da89dfe9a691b9cd1b684d152e51796e90dda51b7bf9a962abd1d7a9fcb1

SHA512

db167eea04ff78ed42c18c7de5810c1a4eeb6ce427c85cd2f8df14ea8d73e74980e5b0355b049782fa67aefd6d3a85440e006892a644a72cce662a5ed2b4eb19

Tags

Signatures

  • Raccoon

    Description

    Simple but powerful infostealer which was very active in 2019.

    Tags

  • suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

    Description

    suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

    Tags

  • suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

    Description

    suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

    Tags

  • Downloads MZ/PE file

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk where infostealers will often target it.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Accesses Microsoft Outlook accounts

    Tags

    TTPs

    Email Collection
  • Accesses Microsoft Outlook profiles

    Tags

    TTPs

    Email Collection
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
      Discovery
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation