Overview

overview

10

Static

static

7

e2fd2972d4...88.exe

windows7_x64

10

e2fd2972d4...88.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e2fd2972d4a6928b21beacb58fa02c88

  • Size

    376KB

  • Sample

    220116-sp6k5sfhcj

  • MD5

    e2fd2972d4a6928b21beacb58fa02c88

  • SHA1

    8d51e45dc3b8c5f0a38fd7c40d27ee91809e13b8

  • SHA256

    31ad805cd3b0420e4780a14a04ead82456043d344453405c091caafb0462d129

  • SHA512

    a774c8a732b2d4ed05574b4811505cbb62df70a7562a51e02035eac23ce1eb68f40dc449061a211f2062f766e14ef4eba73613326723c1be75c07708aa583f23

Score
10/10
raccoonagilenetstealer

Malware Config

Extracted

Family

raccoon

Version

1.8.4-hotfixs

rc4.plain

Targets

    • Target

      e2fd2972d4a6928b21beacb58fa02c88

    • Size

      376KB

    • MD5

      e2fd2972d4a6928b21beacb58fa02c88

    • SHA1

      8d51e45dc3b8c5f0a38fd7c40d27ee91809e13b8

    • SHA256

      31ad805cd3b0420e4780a14a04ead82456043d344453405c091caafb0462d129

    • SHA512

      a774c8a732b2d4ed05574b4811505cbb62df70a7562a51e02035eac23ce1eb68f40dc449061a211f2062f766e14ef4eba73613326723c1be75c07708aa583f23

    Score
    10/10
    raccoonagilenetstealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks