General

  • Target

    122562ead436824cf33e2dad217a6bb0852eff2338e9f7753fa9a0c361020c37

  • Size

    5MB

  • Sample

    220503-xzrxysafb9

  • MD5

    d2c47c3ee0a9e1bec99cba90f39fb843

  • SHA1

    4f1c9b979e2de7270b6da85b75c7e37eb3c78648

  • SHA256

    122562ead436824cf33e2dad217a6bb0852eff2338e9f7753fa9a0c361020c37

  • SHA512

    494e2722de57ff7ff6cfceb4377cc86640941945c1ad644ccfcb78bcfdd0ce37b5b9f49eb477f605ab8fee8b483b657993211aa6dfa844fa144f2ba1fde5d3ef

Malware Config

Extracted

Family

raccoon

Botnet

c763e433ef51ff4b6c545800e4ba3b3b1a2ea077

Attributes
  • url4cnc

    https://telete.in/jbitchsucks

rc4.plain
rc4.plain

Targets

    • Target

      122562ead436824cf33e2dad217a6bb0852eff2338e9f7753fa9a0c361020c37

    • Size

      5MB

    • MD5

      d2c47c3ee0a9e1bec99cba90f39fb843

    • SHA1

      4f1c9b979e2de7270b6da85b75c7e37eb3c78648

    • SHA256

      122562ead436824cf33e2dad217a6bb0852eff2338e9f7753fa9a0c361020c37

    • SHA512

      494e2722de57ff7ff6cfceb4377cc86640941945c1ad644ccfcb78bcfdd0ce37b5b9f49eb477f605ab8fee8b483b657993211aa6dfa844fa144f2ba1fde5d3ef

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Raccoon Stealer Payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Tasks