4bc0df38f4c850b366c058e3b0e10264d5fa7f900cc436180e8d623e0bce6804
General
Target
Size
Sample
4bc0df38f4c850b366c058e3b0e10264d5fa7f900cc436180e8d623e0bce6804
23MB
220516-fvtsbaeea8
Score
10 /10
MD5
SHA1
SHA256
SHA512
c888b34fa4b656f3e8862f4f3dfa9724
64de0b18bdaa471b8cef726dda5ff781314c0876
4bc0df38f4c850b366c058e3b0e10264d5fa7f900cc436180e8d623e0bce6804
9d7f71b1e3f6e48d8327d56dedddbde36c106a5e35aef31516e90ea53958a37f82974cb9c87590f4cf9231f0b395525a32cd3f52e8d0944892a94996d35c0db2
Malware Config
Extracted
| Family | raccoon |
| Botnet | c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 |
| Attributes |
url4cnc https://telete.in/jbitchsucks |
| rc4.plain |
|
| rc4.plain |
|
Targets
Target
MD5
Filesize
4bc0df38f4c850b366c058e3b0e10264d5fa7f900cc436180e8d623e0bce6804
c888b34fa4b656f3e8862f4f3dfa9724
23MB
Score
10/10
SHA1
SHA256
SHA512
64de0b18bdaa471b8cef726dda5ff781314c0876
4bc0df38f4c850b366c058e3b0e10264d5fa7f900cc436180e8d623e0bce6804
9d7f71b1e3f6e48d8327d56dedddbde36c106a5e35aef31516e90ea53958a37f82974cb9c87590f4cf9231f0b395525a32cd3f52e8d0944892a94996d35c0db2
Tags
Signatures
-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
Tags
TTPs
-
Raccoon
Description
Simple but powerful infostealer which was very active in 2019.
Tags
-
Raccoon Stealer Payload
-
Executes dropped EXE
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Loads dropped DLL
-
Checks for any installed AV software in registry
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks