71273ccf9881c6a687023fa1c40df85278346d3229307aee6cea6e7f6910925e

General

Target: 71273ccf9881c6a687023fa1c40df85278346d3229307aee6cea6e7f6910925e
Size: 23MB
Sample: 220511-24va4acdc8
Score: 10/10
MD5: 6ca4fb6e640d6da6066f5862cc79b09f
SHA1: b23f145e90da334b176b4f6a55e948f2cff48a77
SHA256: 71273ccf9881c6a687023fa1c40df85278346d3229307aee6cea6e7f6910925e
SHA512: 6d0578e4d44bc4652dddaa5c7a2bc4c02cc9d82832946824222a659898ac486d3dbaa8e25e979d258fd0e722a56e38b5279ef2b50227b73d1aa51a805a9f80eb

Malware Config

Extracted

Family: raccoon
Botnet: c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
Attributes:
  url4cnc: https://telete.in/jbitchsucks
  rc4.plain
  rc4.plain
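The url4cnc attribute above is a Telegram channel page (reached through the telete.in mirror), and the two rc4.plain entries are the keys the stealer uses to turn the text it finds on that page into its real C2 address: the channel text carries a delimited, base64-encoded, RC4-encrypted string, and the sample decodes, decrypts and then contacts the result. The block below is an added worked example written for this page; it is not code from the sample or from the sandbox. Because the report does not show the key values or the delimiters, the key, the marker strings, the C2 address and the channel page are all constructed stand-ins, and the only real identifier reused is the url4cnc from the config.

```python
import base64
import re

# Added example, not the sample's code. The report's config lists a url4cnc
# (https://telete.in/jbitchsucks) and two rc4.plain keys whose values are not
# shown, so the key, markers and C2 address here are constructed stand-ins.
URL4CNC = "https://telete.in/jbitchsucks"
DEMO_RC4_KEY = b"demo-rc4-key-not-real"          # assumption: stand-in for rc4.plain
DEMO_C2_URL = "http://203.0.113.5/gate/log.php"  # assumption: constructed C2 address
MARK_START, MARK_END = "{{{", "}}}"              # assumption: constructed delimiters


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                          # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                             # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def encode_c2(url: str, key: bytes) -> str:
    """Operator side: RC4-encrypt the C2 URL, then base64 it for the channel text."""
    return base64.b64encode(rc4(key, url.encode("utf-8"))).decode("ascii")


def build_demo_page(url: str, key: bytes) -> str:
    """Constructed stand-in for the fetched channel page (not a real telete.in response)."""
    blob = encode_c2(url, key)
    return (
        "<html><head>"
        f'<meta property="og:description" content="Welcome {MARK_START}{blob}{MARK_END} enjoy">'
        "</head><body></body></html>"
    )


_BLOB_RE = re.compile(re.escape(MARK_START) + r"([A-Za-z0-9+/=]+)" + re.escape(MARK_END))
_URL_RE = re.compile(r"^https?://[\x21-\x7e]+$")


def extract_c2(page_html: str, key: bytes):
    """Analyst side: pull the delimited blob, base64-decode, RC4-decrypt, validate.
    Returns the C2 URL string, or None if nothing decodes to a plausible URL."""
    m = _BLOB_RE.search(page_html)
    if not m:
        return None
    try:
        plain = rc4(key, base64.b64decode(m.group(1), validate=True)).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    return plain if _URL_RE.match(plain) else None


if __name__ == "__main__":
    page = build_demo_page(DEMO_C2_URL, DEMO_RC4_KEY)
    print("url4cnc:", URL4CNC)
    print("recovered C2:", extract_c2(page, DEMO_RC4_KEY))
    print("wrong key:", extract_c2(page, b"wrong-key"))
```

When running this against a real capture of the url4cnc page, feed the HTML and the actual rc4.plain key from the config into extract_c2; since the config carries two keys, try each in turn and keep the one that yields a plausible URL. The validation step matters: with the wrong key RC4 produces noise, and the URL check is what stops noise from being treated as infrastructure.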
Targets

Target: 71273ccf9881c6a687023fa1c40df85278346d3229307aee6cea6e7f6910925e (the submitted file itself; MD5, SHA1, SHA512, size 23MB and score 10/10 as listed under General)

Tags

Signatures

  • Modifies Windows Defender Real-time Protection settings
    TTPs: Modify Registry, Modify Existing Service, Disabling Security Tools
  • Modifies security service
    TTPs: Modify Registry, Modify Existing Service
  • Raccoon
    Description: Simple but powerful infostealer, very active in 2019.
  • Raccoon Stealer Payload
  • Executes dropped EXE
  • Checks computer location settings
    Description: Looks up the country code configured in the registry, likely a geofence check.
    TTPs: Query Registry, System Information Discovery
  • Loads dropped DLL
  • Suspicious use of SetThreadContext
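The first two signatures are registry writes: one that switches Windows Defender real-time protection off, and one that changes a security service. The block below is an added example of how a detection engineer would catch the same behaviour on a live host; it is not part of the report and not the sandbox's own signature logic. It runs over constructed records in a simplified key=value form modelled on Sysmon Event ID 13 (RegistryEvent: Value Set), not a real log capture. The value names under the Real-Time Protection policy key are the documented Defender policy values, but the page does not say which of them this sample writes, so the image path, the specific values and the benign records are all constructed.

```python
import re

# Added example, not part of the report. The signatures "Modifies Windows
# Defender Real-time Protection settings" and "Modifies security service" describe
# registry writes; which exact values this sample sets is not shown on the page.
# The value names below are the documented Defender policy values.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableIOAVProtection",
    "DisableScanOnRealtimeEnable",
}
# Start = 4 means SERVICE_DISABLED; WinDefend is the Defender engine service.
SERVICE_START_RE = re.compile(
    r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\(WinDefend|WdNisSvc|Sense)\\Start$", re.I
)
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]+)\)")

# Constructed records in a simplified key=value|... form modelled on Sysmon
# Event ID 13 (RegistryEvent: Value Set) fields; not a real log capture.
SAMPLE_EVENTS = [
    r"EventID=13|Image=C:\Users\victim\AppData\Local\Temp\dropped.exe"
    r"|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"
    r"|Details=DWORD (0x00000001)",
    r"EventID=13|Image=C:\Users\victim\AppData\Local\Temp\dropped.exe"
    r"|TargetObject=HKLM\SYSTEM\CurrentControlSet\Services\WinDefend\Start"
    r"|Details=DWORD (0x00000004)",
    r"EventID=13|Image=C:\Windows\explorer.exe"
    r"|TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"
    r"|Details=DWORD (0x00000001)",
    r"EventID=13|Image=C:\Windows\System32\gpupdate.exe"
    r"|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"
    r"|Details=DWORD (0x00000000)",
]


def parse_event(line: str) -> dict:
    """Split one record into a field dict (first '=' separates name from value)."""
    fields = {}
    for part in line.split("|"):
        name, _, value = part.partition("=")
        fields[name.strip()] = value.strip()
    return fields


def dword_value(details: str):
    """Return the integer of a 'DWORD (0x...)' Details field, else None."""
    m = DWORD_RE.fullmatch(details)
    return int(m.group(1), 16) if m else None


def classify(event: dict):
    """Return a rule name if the registry write matches a signature, else None."""
    if event.get("EventID") != "13":
        return None
    target = event.get("TargetObject", "")
    key, _, value_name = target.rpartition("\\")
    val = dword_value(event.get("Details", ""))
    # Any nonzero Disable* under the Real-Time Protection policy key turns RTP off;
    # a write of 0 (re-enabling) is not an alert.
    if key.lower() == DEFENDER_RTP_KEY.lower() and value_name in DEFENDER_RTP_VALUES and val:
        return "defender_rtp_disabled"
    # Start=4 disables the service at next boot (Modify Existing Service).
    if SERVICE_START_RE.match(target) and val == 4:
        return "security_service_disabled"
    return None


def detect(lines) -> list:
    """Run the rules over records; each alert keeps the writing image for triage."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        rule = classify(event)
        if rule:
            alerts.append({"rule": rule, "image": event.get("Image"),
                           "target": event.get("TargetObject")})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Two practical caveats: Sysmon only emits Event ID 13 for keys its configuration includes, so both paths above must be in the include list, and Group Policy processing or Defender itself can legitimately write these values, which is why the alert carries the writing image; a binary under a user's Temp directory touching the Real-Time Protection policy key is what distinguishes this sample's behaviour from a policy refresh.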

Related Tasks

MITRE ATT&CK Matrix (tactic columns only; no technique cells survive in this extract): Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation