89b3ed9d4b3daa09b18db0ee62d8c7b652f3101299a6fc9ca0245bb6a6ded9b9

General

Target: 89b3ed9d4b3daa09b18db0ee62d8c7b652f3101299a6fc9ca0245bb6a6ded9b9
Size: 513KB
Sample: 211002-n84tfaedgp
Score: 10/10
MD5: 4d0f90fb39427a8bf7072403f5e0d746
SHA1: 06186e6498b8120dd1f733e57231215e6f9945fe
SHA256: 89b3ed9d4b3daa09b18db0ee62d8c7b652f3101299a6fc9ca0245bb6a6ded9b9
SHA512: 5c759659a6199b81d59f86b69d3985329fe39d0dcf6b6a15eac721129f5d1e5bff8b4cb56eb9aee07213fb097956dc796aceb369c534b2807a8398c89806747b

Malware Config

Extracted

Family: raccoon
Version: 1.8.2
Botnet: 1ec902112b48b86eaf116e67218e531d05852427
Attributes:
  url4cnc:
    http://teletop.top/papatikmikr0
    http://teleta.top/papatikmikr0
    https://t.me/papatikmikr0
  rc4.plain
Signatures

  • Raccoon
    Description: Simple but powerful infostealer which was very active in 2019.

  • suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

  • suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of local email clients
    Description: Email clients store some user data on disk, where infostealers will often target it.
    TTPs: Data from Local System, Credentials in Files

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System, Credentials in Files

  • Accesses Microsoft Outlook accounts
    TTPs: Email Collection

  • Accesses Microsoft Outlook profiles
    TTPs: Email Collection

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation