raccoon | 94b5fb2cd3993927c7441866c79f448a075b993b15c099e3e3e1adcf1a5f4806 | Triage

Sharing

General

Target

94b5fb2cd3993927c7441866c79f448a075b993b15c099e3e3e1adcf1a5f4806
Size

4.1MB
Sample

220707-mpxeksddek
MD5

45d8ffab15660edb4cb2de8efeedbe3a
SHA1

455517382b8f3c5aae10b8757755987bf7f4ca05
SHA256

94b5fb2cd3993927c7441866c79f448a075b993b15c099e3e3e1adcf1a5f4806
SHA512

d2d227b6ea373764d9d2207ba2fef260eff0ba567c3426c143cb66f8445b6eebc0f13f46ad40d42b98d99f6367333004910a633c8d69d0b59a03aea2888726f5

Score

10^/10

raccoon aspackv2 persistence spyware stealer

Malware Config

Targets

- Target
  
  94b5fb2cd3993927c7441866c79f448a075b993b15c099e3e3e1adcf1a5f4806
- Size
  
  4.1MB
- MD5
  
  45d8ffab15660edb4cb2de8efeedbe3a
- SHA1
  
  455517382b8f3c5aae10b8757755987bf7f4ca05
- SHA256
  
  94b5fb2cd3993927c7441866c79f448a075b993b15c099e3e3e1adcf1a5f4806
- SHA512
  
  d2d227b6ea373764d9d2207ba2fef260eff0ba567c3426c143cb66f8445b6eebc0f13f46ad40d42b98d99f6367333004910a633c8d69d0b59a03aea2888726f5
Score

7^/10

persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

aspackv2raccoon

behavioral1

persistencespywarestealer

behavioral2