General

  • Target

    d4e92bc7b11c1d0654bded6b65fb29923ec4dd5e39c76a3c4b0de13622514ac1

  • Size

    22MB

  • Sample

    220419-ctzemabdf4

  • MD5

    33da466df744fad3028059fe760797fc

  • SHA1

    39a2d83fb4728e8cd70821149653e6573567d843

  • SHA256

    d4e92bc7b11c1d0654bded6b65fb29923ec4dd5e39c76a3c4b0de13622514ac1

  • SHA512

    45af49db83a877aab76bde6751203b02e7c310924389f56f6fe7f38f41086063f1fff8a5a43ef7a157c4664751c501c909e0d190aefc6e239caa40796d1b5ebd

Malware Config

Extracted

Family

raccoon

Botnet

c763e433ef51ff4b6c545800e4ba3b3b1a2ea077

Attributes
  • url4cnc

    https://telete.in/jbitchsucks

rc4.plain

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Modifies security service

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • Raccoon Stealer Payload

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Modify Existing Service (T1031): 3

Defense Evasion

  • Modify Registry (T1112): 2

  • Disabling Security Tools (T1089): 1

Discovery

  • System Information Discovery (T1082): 1

Tasks