raccoon | ae058d26ca4c89de15531974144236ecc91d10e104712a03fdb5df2b6d38db51 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

ae058d26ca4c89de15531974144236ecc91d10e104712a03fdb5df2b6d38db51
Size

337KB
Sample

211025-c9zqbsgdgj
MD5

4c5976903900fe29fa50510851c8cf86
SHA1

bf4743d9aa89c8fedf17a70a0ecd12d74229b0b4
SHA256

ae058d26ca4c89de15531974144236ecc91d10e104712a03fdb5df2b6d38db51
SHA512

ba8c2239c8411f6aeb9b24c71dc1005a04ff45ad14a4e0e24c195b5e26f028744035ac40d5685dbfcda70e55c030731ab1d91254aa8a8467b1d3d4bf707333bd

Score

10^/10

raccoon redline smokeloader 7ebf9b416b72a203df65383eec899dc689d2c3d7 backdoor discovery infostealer spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

ae058d26ca4c89de15531974144236ecc91d10e104712a03fdb5df2b6d38db51.exe

Resource

win10-en-20211014

raccoon redline smokeloader 7ebf9b416b72a203df65383eec899dc689d2c3d7 backdoor discovery infostealer spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://xacokuo8.top/

http://hajezey1.top/

rc4.i32

rc4.i32

Extracted

Family

raccoon

Botnet

7ebf9b416b72a203df65383eec899dc689d2c3d7

Attributes

url4cnc
http://telegatt.top/agrybirdsgamerept
http://telegka.top/agrybirdsgamerept
http://telegin.top/agrybirdsgamerept
https://t.me/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  ae058d26ca4c89de15531974144236ecc91d10e104712a03fdb5df2b6d38db51
- Size
  
  337KB
- MD5
  
  4c5976903900fe29fa50510851c8cf86
- SHA1
  
  bf4743d9aa89c8fedf17a70a0ecd12d74229b0b4
- SHA256
  
  ae058d26ca4c89de15531974144236ecc91d10e104712a03fdb5df2b6d38db51
- SHA512
  
  ba8c2239c8411f6aeb9b24c71dc1005a04ff45ad14a4e0e24c195b5e26f028744035ac40d5685dbfcda70e55c030731ab1d91254aa8a8467b1d3d4bf707333bd
Score

10^/10

raccoon redline smokeloader 7ebf9b416b72a203df65383eec899dc689d2c3d7 backdoor discovery infostealer spyware stealer suricata trojan
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
  suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonredlinesmokeloader7ebf9b416b72a203df65383eec899dc689d2c3d7backdoordiscoveryinfostealerspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy