General

Target: fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1.exe
Filesize: 373KB
Completed: 10-05-2022 20:53
Task: behavioral2
Score: 10/10
MD5: 7e4a9d30bf65de75262cb1bce111dfb7
SHA1: 5394765f6a6ce97d1450f18103291bb4eb164dc8
SHA256: fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1
SHA512: e5e132b10e546ed0a272c2bf27ca4517804c95e572415de7c6f4cbeeca346aa9f7127e8ed5fc1adfbe252f892c37cac9dabed6bafb968fa3918851bed86065fb

Malware Config

Extracted

Family: raccoon
Botnet: 42069a99036f7acbe85c9bc67fe3207cd01fb3fc

Attributes
url4cnc: https://telete.in/jagressor_kz
rc4.plain
rc4.plain
Signatures (2)

  • Raccoon

    Description

    Simple but powerful infostealer which was very active in 2019.

  • Raccoon Stealer Payload

    Reported IOCs (resource / yara_rule)

    behavioral2/memory/948-131-0x0000000001050000-0x00000000010E0000-memory.dmp / family_raccoon
    behavioral2/memory/948-132-0x0000000000400000-0x0000000000FBA000-memory.dmp / family_raccoon

Processes (1)
  • C:\Users\Admin\AppData\Local\Temp\fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1.exe
    "C:\Users\Admin\AppData\Local\Temp\fdc055799366348b8e400ea31434208e768317c1495b4b019f89829e344009e1.exe"
    PID:948
Network
MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Downloads
  • memory/948-130-0x0000000001119000-0x0000000001169000-memory.dmp
  • memory/948-131-0x0000000001050000-0x00000000010E0000-memory.dmp
  • memory/948-132-0x0000000000400000-0x0000000000FBA000-memory.dmp