General

  • Target

    8256fb70454da346b588b8d884ef5ffc0631c1dceeee515a0c92989d36dedd10

  • Size

    1.3MB

  • Sample

    220520-dpmqpshhcl

  • MD5

    66afe24b36275f561cf6318653aaa6f4

  • SHA1

    94f4bdd9e38b17fac52471936cf7173d37cd001e

  • SHA256

    8256fb70454da346b588b8d884ef5ffc0631c1dceeee515a0c92989d36dedd10

  • SHA512

    4b99387f9b0b01ee25d0f728c735cb7d2f564602eb934b4ef7898e6ad532f2ccb304ed99ea9eab93bacfdcb81d01911ca0a0a5ebc75e4f92200ec760238bb582

Malware Config

Extracted

Family

raccoon

Botnet

98ade1e00a4f6f9a223d8d49f21aeb26d0c74b4a

Attributes
  • url4cnc

    https://drive.google.com/uc?export=download&id=1oyq2bglZBUpcWekyvuAsh8ZchXcReacH

rc4.plain

Targets

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • Raccoon Stealer Payload

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Command and Control

Web Service (T1102): 1