c83a43c9645f2716288130f311314b673e66e20084b432ce3b8ce8cdf39782c8

General

Target: c83a43c9645f2716288130f311314b673e66e20084b432ce3b8ce8cdf39782c8
Size: 23MB
Sample: 220511-24r6qsfahm
Score: 10/10
MD5: 5e09313befea3f8ef5567f724ada60fe
SHA1: 48fab70a85e6da34fa0070163f7ea6ac16fc5d37
SHA256: c83a43c9645f2716288130f311314b673e66e20084b432ce3b8ce8cdf39782c8
SHA512: 9df529de88a8b8c157f7deac7e3998cca8f0dabeebda58f6dbc6ca3c22970897a0b7a51fab3562462b65de8e7830b3437612ab6ae999b90607007d1ba0c20598

Malware Config (extracted)

Family: raccoon
Botnet: c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
Attributes:
  url4cnc: https://telete.in/jbitchsucks
  rc4.plain
  rc4.plain
Signatures

  • Modifies Windows Defender Real-time Protection settings
    TTPs: Modify Registry, Modify Existing Service, Disabling Security Tools
  • Modifies security service
    TTPs: Modify Registry, Modify Existing Service
  • Raccoon
    Description: Simple but powerful infostealer which was very active in 2019.
  • Raccoon Stealer Payload
  • Executes dropped EXE
  • Checks computer location settings
    Description: Looks up country code configured in the registry, likely geofence.
    TTPs: Query Registry, System Information Discovery
  • Loads dropped DLL
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation