Extracted
Family | raccoon
Botnet | c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
Attributes |
url4cnc | https://telete.in/jbitchsucks
rc4.plain |
rc4.plain |
Signatures
- Modifies Windows Defender Real-time Protection settings
- Modifies security service
- Raccoon
  Description: Simple but powerful infostealer that was very active in 2019.
- Raccoon Stealer Payload
- Executes dropped EXE
- Checks computer location settings
  Description: Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Checks for any installed AV software in registry
- Suspicious use of SetThreadContext