General
Target

f45b444b6e8d66dc8d97e8ec397a4ffbf1545bef57d783ec906d2c7695b25ac5

Size

539KB

Sample

211004-n6asksgdal

Score

10/10
MD5

39334f7bcc79560e4cba9026fcae6151

SHA1

eb95a578bb947f52bdf0b779b90f605c5a3277d3

SHA256

f45b444b6e8d66dc8d97e8ec397a4ffbf1545bef57d783ec906d2c7695b25ac5

SHA512

c4fc970ec0e46207002cd1785c391fda1b1b6b1eb53ae1179f54df02d172dd75fb4269b00f1586bc164f90a419330b6f3f43fa19a25e64e8722a32db4ce5184e

Malware Config

Extracted

Family

raccoon

Version

1.8.2

Botnet

e672747afc67feb221ca60f8fc9e03adcf10f038

Attributes

url4cnc

http://teletop.top/youyouhell0world
http://teleta.top/youyouhell0world
https://t.me/youyouhell0world

rc4.plain

Signatures

  • Raccoon

    Description

    Simple but powerful infostealer which was very active in 2019.

  • suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

  • suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk where infostealers will often target it.

    TTPs

    Data from Local System
    Credentials in Files

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System
    Credentials in Files

  • Accesses Microsoft Outlook accounts

    TTPs

    Email Collection

  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs

    Query Registry

MITRE ATT&CK Matrix

Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation