General

  • Target

    0B668D0AC89D5DA1526BE831F7B8C3F2AF54C5DBC68C0.exe

  • Size

    1.2MB

  • Sample

    220128-zxsgtadefp

  • MD5

    4bb6c620715fe25e76d4cca1e68bef89

  • SHA1

    0cf2a7aad7ad7a804ca2b7ccaea1a6aadd75fb80

  • SHA256

    0b668d0ac89d5da1526be831f7b8c3f2af54c5dbc68c0c9ce886183ec518c051

  • SHA512

    59203e7c93eda1698f25ee000c7be02d39eee5a0c3f615ae6b540c7a76e6d47265d4354fa38be5206810e6b035b8be1794ebe324c0e9db33360a4f0dd3910549

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

efc20640b4b1564934471e6297b87d8657db774a

Attributes
  • url4cnc


rc4.plain

Targets

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery (T1082): 1
