edf96af64e80dad2a9e28b9052ebf88b530fa6185e03cad1c1b4c9d5c21815fa

General

Target: edf96af64e80dad2a9e28b9052ebf88b530fa6185e03cad1c1b4c9d5c21815fa
Size: 11MB
Sample: 220511-28zflsfccm
Score: 10/10
MD5: 4ac4214a42739aef3f3e5ecfd1cd004d
SHA1: 2074454003c869acb06f9e9679572f414ff26cf9
SHA256: edf96af64e80dad2a9e28b9052ebf88b530fa6185e03cad1c1b4c9d5c21815fa
SHA512: 81bdf5936dcc6dbbdab2d7994647a384fe33209bc222be400f69058563ac1dfcd546df89e4f0e9c6408e695becaf6213fa5529e44c04116567d846e634de78a8

Malware Config

Extracted

Family: raccoon
Botnet: 0608c0879c6ecd26ffcf8015f83216c8a225fc46
Attributes:
  url4cnc: https://telete.in/jbitchsucks
  rc4.plain
  rc4.plain
Signatures

  • Modifies Windows Defender Real-time Protection settings
    TTPs: Modify Registry, Modify Existing Service, Disabling Security Tools

  • Modifies security service
    TTPs: Modify Registry, Modify Existing Service

  • Raccoon
    Description: Simple but powerful infostealer which was very active in 2019.

  • Raccoon Stealer Payload

  • ACProtect 1.3x - 1.4x DLL software
    Description: Detects files protected with ACProtect software.

  • Executes dropped EXE

  • Modifies Windows Firewall
    TTPs: Modify Existing Service

  • UPX packed file
    Description: Detects executables packed with UPX or a modified UPX open-source packer.

  • Checks computer location settings
    Description: Looks up the country code configured in the registry, likely a geofence check.
    TTPs: Query Registry, System Information Discovery

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation