General

  • Target

    setup.exe

  • Size

    1.8MB

  • Sample

    220730-pjmpasahc6

  • MD5

    1094e15cf94af4d7496ba97e503001b3

  • SHA1

    4b0740ac778939ceb43a676831f825291ca70d4e

  • SHA256

    3104d062801e5059e77f82102bacfef55646f0c0c24f3d7b03b98e012e2a5514

  • SHA512

    aef9e67e6b5abb51f8cbd501808fdf39eafb44b16daac1b737cf63813bf47f09d12a2826e99f756a7b5235c6b4afdd5e128af4ae1c23998fea03427d2d55f2d8

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (ps1.dropper)

    http://hyperhyper8.com/welcome

Extracted

  • Family

    raccoon

  • Botnet

    c4376f037b1703b305ca5fb81f6ffc21

  • C2

    http://77.75.230.46/

    http://5.252.23.142/

  • rc4.plain

Targets

    • Target

      setup.exe

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry

    T1012 (1)

  • System Information Discovery

    T1082 (2)

Tasks