1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac
General
Target
Size
Sample
1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac
26MB
220511-3ajg6scfd8
Score
10 /10
MD5
SHA1
SHA256
SHA512
0d90fb3791d8c81d57ba520d3cd50589
2c758280791ec4ab5449c02fec4cdb59485faee4
1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac
09b36badc64a4415760b3deb4bea6121b0eb44905ecd6d4efe533989a1bac298deab72d46eba513c9b8a9abc77d628333b0bf1a8ce9391ff7acb26edbb650238
Malware Config
Extracted
| Family | raccoon |
| Botnet | c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 |
| Attributes |
url4cnc https://telete.in/jbitchsucks |
| rc4.plain |
|
| rc4.plain |
|
Targets
Target
MD5
Filesize
1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac
0d90fb3791d8c81d57ba520d3cd50589
26MB
Score
10/10
SHA1
SHA256
SHA512
2c758280791ec4ab5449c02fec4cdb59485faee4
1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac
09b36badc64a4415760b3deb4bea6121b0eb44905ecd6d4efe533989a1bac298deab72d46eba513c9b8a9abc77d628333b0bf1a8ce9391ff7acb26edbb650238
Tags
Signatures
-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
Tags
TTPs
-
Raccoon
Description
Simple but powerful infostealer which was very active in 2019.
Tags
-
Raccoon Stealer Payload
-
Executes dropped EXE
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks