71273ccf9881c6a687023fa1c40df85278346d3229307aee6cea6e7f6910925e
General
Target
Size
Sample
71273ccf9881c6a687023fa1c40df85278346d3229307aee6cea6e7f6910925e
23MB
220511-24va4acdc8
Score
10 /10
MD5
SHA1
SHA256
SHA512
6ca4fb6e640d6da6066f5862cc79b09f
b23f145e90da334b176b4f6a55e948f2cff48a77
71273ccf9881c6a687023fa1c40df85278346d3229307aee6cea6e7f6910925e
6d0578e4d44bc4652dddaa5c7a2bc4c02cc9d82832946824222a659898ac486d3dbaa8e25e979d258fd0e722a56e38b5279ef2b50227b73d1aa51a805a9f80eb
Malware Config
Extracted
| Family | raccoon |
| Botnet | c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 |
| Attributes |
url4cnc https://telete.in/jbitchsucks |
| rc4.plain |
|
| rc4.plain |
|
Targets
Target
MD5
Filesize
71273ccf9881c6a687023fa1c40df85278346d3229307aee6cea6e7f6910925e
6ca4fb6e640d6da6066f5862cc79b09f
23MB
Score
10/10
SHA1
SHA256
SHA512
b23f145e90da334b176b4f6a55e948f2cff48a77
71273ccf9881c6a687023fa1c40df85278346d3229307aee6cea6e7f6910925e
6d0578e4d44bc4652dddaa5c7a2bc4c02cc9d82832946824222a659898ac486d3dbaa8e25e979d258fd0e722a56e38b5279ef2b50227b73d1aa51a805a9f80eb
Tags
Signatures
-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
Tags
TTPs
-
Raccoon
Description
Simple but powerful infostealer which was very active in 2019.
Tags
-
Raccoon Stealer Payload
-
Executes dropped EXE
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks