raccoon | 7a71c46f5f6f27776603ee0de69e6eb83364942d8af0c16f5b54c14d7faba136 | Triage

Sharing

General

Target

fd164fc1dfed3445d8cdb9e72f08172a
Size

279KB
Sample

211118-fxkmesbfgj
MD5

fd164fc1dfed3445d8cdb9e72f08172a
SHA1

41065b87823ea86e278fbecc3cc486637720825d
SHA256

7a71c46f5f6f27776603ee0de69e6eb83364942d8af0c16f5b54c14d7faba136
SHA512

861144a25e10e3823ddbac94b90d42e29a8a80186e758deaa9a57ff2874fa615d9e800bc0f961920c78793c5656fa13fe42552be6cfc9b31155ccaeecde21b1f

Score

10^/10

raccoon smokeloader 14b265e74e2847e8408db7ca21fe6fe2e9ab5767 backdoor collection stealer trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://rsuehfidvdkfvk.top/

rc4.i32

rc4.i32

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

14b265e74e2847e8408db7ca21fe6fe2e9ab5767

Attributes

url4cnc
http://91.219.236.162/masterdanteloma
http://185.163.47.176/masterdanteloma
http://193.38.54.238/masterdanteloma
http://74.119.192.122/masterdanteloma
http://91.219.236.240/masterdanteloma
https://t.me/masterdanteloma

rc4.plain

rc4.plain

Targets

- Target
  
  fd164fc1dfed3445d8cdb9e72f08172a
- Size
  
  279KB
- MD5
  
  fd164fc1dfed3445d8cdb9e72f08172a
- SHA1
  
  41065b87823ea86e278fbecc3cc486637720825d
- SHA256
  
  7a71c46f5f6f27776603ee0de69e6eb83364942d8af0c16f5b54c14d7faba136
- SHA512
  
  861144a25e10e3823ddbac94b90d42e29a8a80186e758deaa9a57ff2874fa615d9e800bc0f961920c78793c5656fa13fe42552be6cfc9b31155ccaeecde21b1f
Score

10^/10

raccoon smokeloader 14b265e74e2847e8408db7ca21fe6fe2e9ab5767 backdoor collection stealer trojan
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonsmokeloader14b265e74e2847e8408db7ca21fe6fe2e9ab5767backdoorcollectionstealertrojan

behavioral2

raccoonsmokeloader14b265e74e2847e8408db7ca21fe6fe2e9ab5767backdoorcollectionstealertrojan