Overview

overview

10

Static

static

7

dc14553bed...42.exe

windows7_x64

10

dc14553bed...42.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dc14553bed2ff0c430fe14d03b904142.exe

  • Size

    33KB

  • Sample

    220114-k7cf1sfegq

  • MD5

    dc14553bed2ff0c430fe14d03b904142

  • SHA1

    32ddd246599f8715ac34cc167fa8f210b4e7c7f9

  • SHA256

    65e2e0704a22d1a0f3d5453c2e9ac551a839af68415958ef0c03e44d1a82829d

  • SHA512

    69deb6c3a3a2d5a889e16cfd0a282df279ea0b8f46bd880dff392aefee437842fedce8b1330de81fad4aaa73d0c1e2237f0520a66ca3fe741c714e5715bc8b21

Score
10/10
raccoonagilenetstealer

Malware Config

Extracted

Family

raccoon

Version

1.8.4-hotfixs

rc4.plain

Targets

    • Target

      dc14553bed2ff0c430fe14d03b904142.exe

    • Size

      33KB

    • MD5

      dc14553bed2ff0c430fe14d03b904142

    • SHA1

      32ddd246599f8715ac34cc167fa8f210b4e7c7f9

    • SHA256

      65e2e0704a22d1a0f3d5453c2e9ac551a839af68415958ef0c03e44d1a82829d

    • SHA512

      69deb6c3a3a2d5a889e16cfd0a282df279ea0b8f46bd880dff392aefee437842fedce8b1330de81fad4aaa73d0c1e2237f0520a66ca3fe741c714e5715bc8b21

    Score
    10/10
    raccoonagilenetstealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks