Overview

overview

10

Static

static

4bc0df38f4...04.exe

windows7_x64

10

4bc0df38f4...04.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4bc0df38f4c850b366c058e3b0e10264d5fa7f900cc436180e8d623e0bce6804

  • Size

    23MB

  • Sample

    220516-fvtsbaeea8

  • MD5

    c888b34fa4b656f3e8862f4f3dfa9724

  • SHA1

    64de0b18bdaa471b8cef726dda5ff781314c0876

  • SHA256

    4bc0df38f4c850b366c058e3b0e10264d5fa7f900cc436180e8d623e0bce6804

  • SHA512

    9d7f71b1e3f6e48d8327d56dedddbde36c106a5e35aef31516e90ea53958a37f82974cb9c87590f4cf9231f0b395525a32cd3f52e8d0944892a94996d35c0db2

Score
10/10
raccoonc763e433ef51ff4b6c545800e4ba3b3b1a2ea077evasionstealertrojan

Malware Config

Extracted

Family

raccoon

Botnet

c763e433ef51ff4b6c545800e4ba3b3b1a2ea077

Attributes
  • url4cnc

    https://telete.in/jbitchsucks

rc4.plain
rc4.plain

Targets

    • Target

      4bc0df38f4c850b366c058e3b0e10264d5fa7f900cc436180e8d623e0bce6804

    • Size

      23MB

    • MD5

      c888b34fa4b656f3e8862f4f3dfa9724

    • SHA1

      64de0b18bdaa471b8cef726dda5ff781314c0876

    • SHA256

      4bc0df38f4c850b366c058e3b0e10264d5fa7f900cc436180e8d623e0bce6804

    • SHA512

      9d7f71b1e3f6e48d8327d56dedddbde36c106a5e35aef31516e90ea53958a37f82974cb9c87590f4cf9231f0b395525a32cd3f52e8d0944892a94996d35c0db2

    Score
    10/10
    raccoonc763e433ef51ff4b6c545800e4ba3b3b1a2ea077evasionstealertrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Modifies security service

      evasion

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Raccoon Stealer Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks for any installed AV software in registry

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Discovery

Query Registry

1
T1012

Security Software Discovery

1
T1063

System Information Discovery

2
T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Modify Existing Service

2
T1031

Privilege Escalation

Tasks