https://cdn.discordapp.com/attachments/939583004387471483/952319283906617374/GIFT_VOUCHER.zip

General
Target

https://cdn.discordapp.com/attachments/939583004387471483/952319283906617374/GIFT_VOUCHER.zip

Sample

220511-anz3vseafq

Score
10 /10
Malware Config

Extracted

Family raccoon
Botnet 7994c54742ba2370446cc758f5e797d4fefc8347
Attributes
url4cnc
http://85.159.212.113/darnerd00m
http://185.163.204.81/darnerd00m
http://194.180.191.33/darnerd00m
http://174.138.11.98/darnerd00m
http://194.180.191.44/darnerd00m
http://91.219.236.120/darnerd00m
https://t.me/darnerd00m
rc4.plain
rc4.plain
Targets
Target

https://cdn.discordapp.com/attachments/939583004387471483/952319283906617374/GIFT_VOUCHER.zip

Score
10/10

Tags

Signatures

  • Raccoon

    Description

    Simple but powerful infostealer which was very active in 2019.

    Tags

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        urlscan1

                        1/10

                        behavioral2

                        1/10