General

  • Target

    c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8

  • Size

    512KB

  • Sample

    211002-l7m37aecfj

  • MD5

    de53e8d73fe96e1ceab93e3aee4751ec

  • SHA1

    98e010e66213ba828ead9debe86263bca9407509

  • SHA256

    c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8

  • SHA512

    e2e692971b0fb5b1244b08e952045f6b342f968a2f5ba8f3d28b3e4cd0bf34af89c63a1923ca16991c43e6376cbab113b3c43d194dc8639ce8d04881bfdc95c5

Malware Config

Extracted

  • Family

    raccoon

  • Version

    1.8.2

  • Botnet

    fd16367b73441d6f39c715f71a74a399a84f0b41

  • Attributes

    url4cnc

      http://teletop.top/terra11nc
      http://teleta.top/terra11nc
      https://t.me/terra11nc

    rc4.plain

Targets

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

    • suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 2

    Email Collection (T1114): 2