General
Target: 4bc0df38f4c850b366c058e3b0e10264d5fa7f900cc436180e8d623e0bce6804
Size: 23MB
Sample: 220516-fvtsbaeea8
MD5: c888b34fa4b656f3e8862f4f3dfa9724
SHA1: 64de0b18bdaa471b8cef726dda5ff781314c0876
SHA256: 4bc0df38f4c850b366c058e3b0e10264d5fa7f900cc436180e8d623e0bce6804
SHA512: 9d7f71b1e3f6e48d8327d56dedddbde36c106a5e35aef31516e90ea53958a37f82974cb9c87590f4cf9231f0b395525a32cd3f52e8d0944892a94996d35c0db2
Static task: static1
Behavioral task: behavioral1
Sample: 4bc0df38f4c850b366c058e3b0e10264d5fa7f900cc436180e8d623e0bce6804.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: raccoon
c763e433ef51ff4b6c545800e4ba3b3b1a2ea077
url4cnc: https://telete.in/jbitchsucks
Targets
Target: 4bc0df38f4c850b366c058e3b0e10264d5fa7f900cc436180e8d623e0bce6804 (23MB; hashes as listed under General)
Signatures:
- Modifies security service
- Raccoon Stealer Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks for any installed AV software in registry
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Discovery
  Query Registry (1)
  Security Software Discovery (1)
  System Information Discovery (2)
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
  Modify Existing Service (2)
Privilege Escalation