General

  • Size

    6MB

  • Sample

    220714-g4ev7acge9

  • MD5

    c29a42ae9f3a44e8b7358e9b8fcd46e5

  • SHA1

    cf15043518df3306562dee1fa5fb3eb4bb1a06e4

  • SHA256

    08ff05c7d5ea1a8b4af9d40deec84d56b178c043e38613081722963667f0a181

  • SHA512

    34ae6ec1618410f093940bf03312846110f51cfb0a33e5c2c6555b3710cef145b2a6936e3d4fb9d1b4651d1442b6667bf4d8f8dec058763d396f5913e8b1071c

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    6f692affee3c8a5176ffa56f904dcc3e

  • C2

    http://51.195.166.175/

  • rc4.plain
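The rc4.plain field above is the extractor's RC4 key parameter (its value is not reproduced on this page); the field name tells you the C2 string was recovered by running an RC4-encrypted blob from the binary through plain RC4 with that key. The Python below is an added example, not the sandbox's extractor: it implements RC4 from scratch, checks it against the standard published test vectors, and decrypts a constructed blob (this report's C2 URL encrypted under a made-up key, built at run time) while validating that the result actually looks like a URL instead of trusting whatever bytes a wrong key produces.

```python
"""RC4 decryption of a C2 string, as an added example (not the report's code)."""
import re
from typing import Optional


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encryption and decryption are the same operation."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation + XOR
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


# Known-answer test vectors from the public RC4 literature.
KAT = [
    (b"Key", b"Plaintext", "bbf316e8d940af0ad3"),
    (b"Wiki", b"pedia", "1021bf0420"),
    (b"Secret", b"Attack at dawn", "45a01f645fc35b383552544b9bf5"),
]


def self_check() -> bool:
    """Return True if the RC4 implementation reproduces the known-answer vectors."""
    return all(rc4(k, p).hex() == c for k, p, c in KAT)


# Only accept a decryption that looks like an http(s) URL; a wrong key yields
# pseudo-random bytes, and a config extractor should never emit those as a C2.
URL_RE = re.compile(rb"^https?://[A-Za-z0-9.\-]+(?::\d+)?/\S*$")


def extract_c2(blob: bytes, key: bytes) -> Optional[str]:
    """Decrypt a NUL-padded RC4 blob and return the C2 URL, or None if implausible."""
    plain = rc4(key, blob).split(b"\x00", 1)[0]
    if URL_RE.match(plain):
        return plain.decode("ascii")
    return None


# Constructed sample: the C2 from this report, encrypted under a made-up key.
# The real key and the blob layout inside the sample are not shown on this page.
SAMPLE_KEY = b"constructed-key"
SAMPLE_BLOB = rc4(SAMPLE_KEY, b"http://51.195.166.175/\x00\x00")


def demo() -> Optional[str]:
    return extract_c2(SAMPLE_BLOB, SAMPLE_KEY)


if __name__ == "__main__":
    print("RC4 self-check:", self_check())
    print("C2 with right key:", demo())
    print("C2 with wrong key:", extract_c2(SAMPLE_BLOB, b"wrong-key"))
```

The URL check is the part worth keeping when you adapt this to real samples: RC4 has no integrity, so every candidate key "succeeds", and the only signal that you found the right one is that the output is structurally sane.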

Targets

    • Target

      c29a42ae9f3a44e8b7358e9b8fcd46e5.exe

    • Size

      6MB

    • MD5

      c29a42ae9f3a44e8b7358e9b8fcd46e5

    • SHA1

      cf15043518df3306562dee1fa5fb3eb4bb1a06e4

    • SHA256

      08ff05c7d5ea1a8b4af9d40deec84d56b178c043e38613081722963667f0a181

    • SHA512

      34ae6ec1618410f093940bf03312846110f51cfb0a33e5c2c6555b3710cef145b2a6936e3d4fb9d1b4651d1442b6667bf4d8f8dec058763d396f5913e8b1071c

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data (saved logins, cookies, autofill entries and session tokens). A process other than the browser itself opening files such as Chrome's Login Data or Cookies database is a strong signal.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the Uninstall key entries under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the per-user HKCU equivalent). Legitimate software does this too, so on its own it is weak evidence; it matters here in combination with the other behaviours.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      The sample calls NtSetInformationThread with the ThreadHideFromDebugger information class, an anti-debugging technique that stops the thread from delivering debug events to an attached debugger.
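The behaviours listed above are individually noisy (registry discovery and DLL loading are routine) and become useful only when correlated per process. The Python below is an added example, not the sandbox's or the report's own logic: it runs a small rule set over constructed Sysmon-style events (the event shapes, PIDs, the Exodus and sqlite3.dll paths and the API-call event are assumptions, not captured output), maps each hit to the ATT&CK technique it evidences, flags a process only when several independent behaviours coincide, and exempts browsers from the profile-read rule because Chrome reading its own Login Data is normal.

```python
"""Per-process correlation of infostealer behaviours, as an added example."""
import re
from collections import defaultdict

# Constructed Sysmon-style events (not real sandbox output). PID 4120 stands in
# for this report's sample; PID 988 is a legitimate browser reading its own profile.
SAMPLE_IMAGE = r"C:\Users\u\Desktop\c29a42ae9f3a44e8b7358e9b8fcd46e5.exe"
CHROME_IMAGE = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EVENTS = [
    {"pid": 4120, "image": SAMPLE_IMAGE, "type": "RegistryQuery",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "type": "FileRead",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "type": "FileRead",
     "target": r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "type": "ImageLoad",
     "target": r"C:\Users\u\AppData\LocalLow\sqlite3.dll"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "type": "ApiCall",
     "target": "NtSetInformationThread(ThreadHideFromDebugger)"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "type": "NetworkConnect",
     "target": "51.195.166.175:80"},
    {"pid": 988, "image": CHROME_IMAGE, "type": "FileRead",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
]

# rule name -> (event type, pattern on the target, ATT&CK technique it evidences)
RULES = {
    "discovery.uninstall_key": ("RegistryQuery",
        re.compile(r"\\CurrentVersion\\Uninstall\\", re.I), "T1012"),
    "credaccess.browser_profile": ("FileRead",
        re.compile(r"\\User Data\\.*\\(Login Data|Cookies|Web Data)$", re.I), "T1555.003"),
    "collection.crypto_wallet": ("FileRead",
        re.compile(r"(wallet\.dat$|\.wallet\\|\\Electrum\\|\\Exodus\\)", re.I), "T1005"),
    "execution.dropped_dll": ("ImageLoad",
        re.compile(r"\\AppData\\.*\.dll$", re.I), "T1129"),
    "evasion.hide_from_debugger": ("ApiCall",
        re.compile(r"^NtSetInformationThread\(ThreadHideFromDebugger\)$"), "T1622"),
    "c2.http": ("NetworkConnect",
        re.compile(r":(80|443)$"), "T1071.001"),
}

# Browsers legitimately read their own profile databases; only flag other images.
BROWSERS = re.compile(r"\\(chrome|msedge|firefox|brave|opera)\.exe$", re.I)


def match_event(ev):
    """Return (rule name, technique) for the first rule the event satisfies, else None."""
    for name, (etype, pattern, technique) in RULES.items():
        if ev["type"] != etype or not pattern.search(ev["target"]):
            continue
        if name == "credaccess.browser_profile" and BROWSERS.search(ev["image"]):
            continue
        return name, technique
    return None


def triage(events, min_hits=3):
    """Map pid -> sorted distinct (rule, technique) hits, keeping only processes
    that show at least min_hits independent behaviours."""
    hits = defaultdict(set)
    for ev in events:
        m = match_event(ev)
        if m:
            hits[ev["pid"]].add(m)
    return {pid: sorted(h) for pid, h in hits.items() if len(h) >= min_hits}


if __name__ == "__main__":
    for pid, found in triage(EVENTS).items():
        print(pid, [f"{rule} ({tech})" for rule, tech in found])
```

The threshold is deliberately on distinct rule categories rather than raw event counts: a single stealer run touches hundreds of browser files, and counting each one would let one behaviour dominate the score.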

MITRE ATT&CK Matrix

    • Command and Control

    • Credential Access

    • Defense Evasion

    • Discovery

    • Execution

    • Exfiltration

    • Impact

    • Initial Access

    • Lateral Movement

    • Persistence

    • Privilege Escalation