112ab834c940929a9326af7e5b7d33649357d6e03c301db730519e00f2d40305

General

Target: 112ab834c940929a9326af7e5b7d33649357d6e03c301db730519e00f2d40305
Size: 20MB
Sample: 220511-3aqaqacfe2
Score: 10/10
MD5: b0380709dc0e7e6f93a23a8c29e81b43
SHA1: 6cadc796182ebea50650832f9b026f32962fcd12
SHA256: 112ab834c940929a9326af7e5b7d33649357d6e03c301db730519e00f2d40305
SHA512: b91ffbe294dff3dec1374c4dfb963fe2327611cbbf1307281562fbe486c9597f68013c1036e1b799c14c32f37966022bdefd2ee7513d5fb0d28e944b488cb12c

Malware Config

Extracted
Family: raccoon
Botnet: c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
Attributes
  url4cnc: https://telete.in/jbitchsucks
  rc4.plain
  rc4.plain
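The extracted configuration gives two indicators that can be checked on a suspect Windows host straight away: the file hash of the sample and the host in url4cnc (the URL the bot fetches to learn its real C2; Raccoon v1 used Telegram channel pages for this). The PowerShell below is an added example, not part of the sandbox report or of Raccoon itself. The hash and url4cnc value are the ones extracted above; the default scan path, the function names and the choice of the DNS resolver cache and the TCP table as evidence sources are assumptions.

```powershell
# Added example (not from the sandbox report): sweep a host for the report's indicators.
$ReportSha256 = '112ab834c940929a9326af7e5b7d33649357d6e03c301db730519e00f2d40305'
$Url4Cnc      = 'https://telete.in/jbitchsucks'
$CncHost      = ([System.Uri]$Url4Cnc).Host          # telete.in

function Find-RaccoonSampleByHash {
    # Scan path is an assumption; widen it for a real sweep.
    param([string]$Root = "$env:USERPROFILE\Downloads")
    Get-ChildItem -Path $Root -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $h = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        if ($h -and $h -eq $ReportSha256) { $_.FullName }   # -eq is case-insensitive in PowerShell
    }
}

function Find-CncHostContact {
    param([Parameter(Mandatory)][string]$CncHost)
    # The resolver cache survives until reboot or ipconfig /flushdns: a hit means
    # something on this host resolved the dead-drop name.
    $cache = Get-DnsClientCache -ErrorAction SilentlyContinue |
             Where-Object { $_.Entry -like "*$CncHost*" }
    # Any IPv4 answers still cached are matched against live TCP connections.
    $ips   = @($cache | Where-Object { $_.Data -match '^\d{1,3}(\.\d{1,3}){3}$' } |
               Select-Object -ExpandProperty Data -Unique)
    $conns = @()
    if ($ips.Count -gt 0) {
        $conns = @(Get-NetTCPConnection -ErrorAction SilentlyContinue |
                   Where-Object { $ips -contains $_.RemoteAddress })
    }
    [pscustomobject]@{
        CncHost           = $CncHost
        DnsCacheHits      = @($cache)
        ActiveConnections = $conns
    }
}

Find-RaccoonSampleByHash
Find-CncHostContact -CncHost $CncHost | Format-List
```

A hash match only finds the exact file in this report; other Raccoon builds will differ, so treat the network indicator and the behavioural signatures further down as the more durable checks.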
Targets

Target: 112ab834c940929a9326af7e5b7d33649357d6e03c301db730519e00f2d40305
Score: 10/10

Signatures

  • Modifies Windows Defender Real-time Protection settings
    TTPs: Modify Registry, Modify Existing Service, Disabling Security Tools

  • Modifies security service
    TTPs: Modify Registry, Modify Existing Service

  • Raccoon
    Description: Simple but powerful infostealer that was very active in 2019.

  • Raccoon Stealer Payload

  • Executes dropped EXE

  • Checks computer location settings
    Description: Looks up the country code configured in the registry, likely a geofence check.
    TTPs: Query Registry, System Information Discovery

  • Loads dropped DLL

  • Suspicious use of SetThreadContext
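The first, second and sixth signatures describe registry and service changes that leave state an analyst can verify on a suspect host. The PowerShell below is an added example, not from the sandbox report. The policy values under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender and the Geo\Nation value under HKCU\Control Panel\International are the standard locations for these settings; the report does not name the exact keys this sample wrote, so the selection of values to check, and the function name, are assumptions.

```powershell
# Added example (not from the sandbox report): audit the Defender and geo settings
# that the signatures above say the sample touches.
function Get-DefenderTamperReport {
    $findings   = [System.Collections.Generic.List[string]]::new()
    $policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $rtpKey     = Join-Path $policyRoot 'Real-Time Protection'

    # Policy values that switch real-time protection off when set to 1.
    foreach ($name in 'DisableRealtimeMonitoring','DisableBehaviorMonitoring',
                      'DisableOnAccessProtection','DisableIOAVProtection','DisableScanOnRealtimeEnable') {
        $item = Get-ItemProperty -Path $rtpKey -Name $name -ErrorAction SilentlyContinue
        if ($item -and $item.$name -eq 1) { $findings.Add("$rtpKey\$name = 1") }
    }
    $das = Get-ItemProperty -Path $policyRoot -Name DisableAntiSpyware -ErrorAction SilentlyContinue
    if ($das -and $das.DisableAntiSpyware -eq 1) { $findings.Add("$policyRoot\DisableAntiSpyware = 1") }

    # Live engine state, independent of what the registry says.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($mp -and -not $mp.RealTimeProtectionEnabled) {
        $findings.Add('Get-MpComputerStatus reports RealTimeProtectionEnabled = False')
    }

    # "Modifies security service": the Defender services should be running and not disabled.
    foreach ($svcName in 'WinDefend','WdNisSvc') {
        $svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue
        if ($svc -and ($svc.Status -ne 'Running' -or $svc.StartType -eq 'Disabled')) {
            $findings.Add("Service $svcName is $($svc.Status), start type $($svc.StartType)")
        }
    }

    # "Checks computer location settings": the GeoID value a geofenced stealer reads
    # before deciding whether to run (numeric, e.g. 244 = United States).
    $geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        GeoNation = $geo.Nation
        Tampered  = ($findings.Count -gt 0)
        Findings  = $findings.ToArray()
    }
}

Get-DefenderTamperReport | Format-List
```

Run it elevated so the HKLM policy keys and service start types are readable. With Tamper Protection enabled the policy values may be written but ignored, so Get-MpComputerStatus is the ground truth for whether real-time protection actually went down; the registry values remain useful as evidence that something tried.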

MITRE ATT&CK Matrix (tactic columns shown: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation)