1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac

General

Target: 1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac
Size: 26MB
Sample: 220511-3ajg6scfd8
Score: 10/10
MD5: 0d90fb3791d8c81d57ba520d3cd50589
SHA1: 2c758280791ec4ab5449c02fec4cdb59485faee4
SHA256: 1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac
SHA512: 09b36badc64a4415760b3deb4bea6121b0eb44905ecd6d4efe533989a1bac298deab72d46eba513c9b8a9abc77d628333b0bf1a8ce9391ff7acb26edbb650238

Malware Config

Extracted

Family: raccoon
Botnet: c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
Attributes:
  • url4cnc: https://telete.in/jbitchsucks
  • rc4.plain
  • rc4.plain
Targets

Target: 1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac
MD5: 0d90fb3791d8c81d57ba520d3cd50589
Filesize: 26MB
Score: 10/10
SHA1: 2c758280791ec4ab5449c02fec4cdb59485faee4
SHA256: 1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac
SHA512: 09b36badc64a4415760b3deb4bea6121b0eb44905ecd6d4efe533989a1bac298deab72d46eba513c9b8a9abc77d628333b0bf1a8ce9391ff7acb26edbb650238

Signatures

  • Modifies Windows Defender Real-time Protection settings
    TTPs: Modify Registry, Modify Existing Service, Disabling Security Tools

  • Modifies security service
    TTPs: Modify Registry, Modify Existing Service

  • Raccoon
    Description: Simple but powerful infostealer which was very active in 2019.

  • Raccoon Stealer Payload

  • Executes dropped EXE

  • Checks computer location settings
    Description: Looks up country code configured in the registry, likely geofence.
    TTPs: Query Registry, System Information Discovery

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation