Resubmissions

06-10-2021 15:33

211006-szlnqabehj 10

04-10-2021 12:00

211004-n6asksgdal 10

General

  • Target

    f45b444b6e8d66dc8d97e8ec397a4ffbf1545bef57d783ec906d2c7695b25ac5

  • Size

    539KB

  • Sample

    211004-n6asksgdal

  • MD5

    39334f7bcc79560e4cba9026fcae6151

  • SHA1

    eb95a578bb947f52bdf0b779b90f605c5a3277d3

  • SHA256

    f45b444b6e8d66dc8d97e8ec397a4ffbf1545bef57d783ec906d2c7695b25ac5

  • SHA512

    c4fc970ec0e46207002cd1785c391fda1b1b6b1eb53ae1179f54df02d172dd75fb4269b00f1586bc164f90a419330b6f3f43fa19a25e64e8722a32db4ce5184e

Malware Config

Extracted

Family

raccoon

Version

1.8.2

Botnet

e672747afc67feb221ca60f8fc9e03adcf10f038

Attributes
  • url4cnc

    http://teletop.top/youyouhell0world

    http://teleta.top/youyouhell0world

    https://t.me/youyouhell0world

rc4.plain
rc4.plain

Targets

    • Target

      f45b444b6e8d66dc8d97e8ec397a4ffbf1545bef57d783ec906d2c7695b25ac5

    • Size

      539KB

    • MD5

      39334f7bcc79560e4cba9026fcae6151

    • SHA1

      eb95a578bb947f52bdf0b779b90f605c5a3277d3

    • SHA256

      f45b444b6e8d66dc8d97e8ec397a4ffbf1545bef57d783ec906d2c7695b25ac5

    • SHA512

      c4fc970ec0e46207002cd1785c391fda1b1b6b1eb53ae1179f54df02d172dd75fb4269b00f1586bc164f90a419330b6f3f43fa19a25e64e8722a32db4ce5184e

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

      suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

    • suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

      suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Collection

Data from Local System

2
T1005

Email Collection

2
T1114

Tasks