General

  • Target: Opensea Mint.7z
  • Size: 2.4MB
  • Sample: 220811-chtd8shefn
  • MD5: a86e881dc52bff3f3595aa1b570ce387
  • SHA1: a7225b9ae963296097b24920a364526f78c5b9b0
  • SHA256: 37670f71a35213217cab145aa7e262e0e46e411007b2d68f26e74c3d44693e95
  • SHA512: 58261edf2108caa356eea20d2b82aad4fab432dfb4e7c62ec632a92979de8a197399ebc007409decc6b45969077a2fac3cfaf3c556b8685778a3f5ab8f04f6f3

Malware Config

Extracted

  • Family: raccoon
  • Botnet: 7af9c6169887d79cc4d744abe122c9c2
  • C2: http://213.252.247.130/
  • C2: http://213.252.247.152/
  • rc4.plain

Targets

    • Target: Opensea Mint.7z
      Size: 2.4MB
      MD5: a86e881dc52bff3f3595aa1b570ce387
      SHA1: a7225b9ae963296097b24920a364526f78c5b9b0
      SHA256: 37670f71a35213217cab145aa7e262e0e46e411007b2d68f26e74c3d44693e95
      SHA512: 58261edf2108caa356eea20d2b82aad4fab432dfb4e7c62ec632a92979de8a197399ebc007409decc6b45969077a2fac3cfaf3c556b8685778a3f5ab8f04f6f3
      Score: 3/10

    • Target: Opensea Mint/LICENSE
      Size: 2KB
      MD5: 6defd9979d905dae2a11def8ae4ba014
      SHA1: d04c0b7c8b5036c4ae0a138bfdc490d6fdc71029
      SHA256: 1c2650bf4ecddc5246d01261c09fd534146fe7ad493d06003501fad0d2cd87e1
      SHA512: 074af8a12b240ab73ddda931c5e95d0a8769ca1b9f53259eabbbcadb7ea8f21e65315ef0913606da086ef671353f7e1683b7e8cbc63337feac5cb1c4566a3e7e
      Score: 1/10

    • Target: Opensea Mint/Launcher.exe
      Size: 2.4MB
      MD5: 4cd71ee88eab1d1774584e560dd05a5e
      SHA1: e359c0e8fe530d3bca70a3eecaed20df051d0e75
      SHA256: 2318aab19d001baa674543b6fef1626ae23731f38ceaee3babcc643c9ae88a1f
      SHA512: 7e46d2dcc44dd5b65c6a2857d08fa1226b6df69c089261c894096343c0a868b2e0d6965e7d1ea5c69336c6846a2dfe56736912f497ae7640fbf264859aecf166
      Signatures:
        • Raccoon: Raccoon is an infostealer written in C++ and first seen in 2019.
        • Raccoon Stealer payload
        • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: Opensea Mint/helper.bat
      Size: 35KB
      MD5: d65a44d4cce82fee1f78ca2e69412b5d
      SHA1: ee4b981da214feb54aee7cf484233dc321a9ad8e
      SHA256: 6a4d441c2fa1d8d37b0189c7147a4b5424d5cdb122a7fc1fbebd022864ed54fb
      SHA512: 241490100a87d1f218fa23f86bee2bd6b29beb4067904d6626f790d35cfc8244f99b38c3fa54293b4d0d86890bc1a428580511465cab92cc72c590db2b05bfd0
      Score: 1/10

    • Target: Opensea Mint/install_modules.sh
      Size: 3KB
      MD5: 05a28430f97b6db328b9f748005718cc
      SHA1: da28f7c62b43f2cb97e5b6a2e71eb8199bdbae5c
      SHA256: d05559d26e8db46d562314ecc55bb8f0f17518f313cf0f2e0cff690f4240aacf
      SHA512: d2f64b14e83b668c03af5c4f9495a7b268a7756220b74df82e54fba0edea3f374e353dd69b9c293cd51fbd6c5ecaea86072ce2895f91a09451bf0cbd2019cbdf
      Score: 8/10
      Signatures:
        • Modifies hosts file: Adds entries to the hosts file used for mapping hostnames to IP addresses.
        • Writes DNS configuration: Writes data to the DNS resolver config file.
        • Writes file to user bin folder
        • Writes file to tmp directory: Malware often drops required files in the /tmp directory.

    • Target: Opensea Mint/libraries.dll
      Size: 118KB
      MD5: 01249bb3f9b8e4da9950f53a4e569865
      SHA1: 7e16f5eabdd0fcaa708832ff4eb82f7bdef7206d
      SHA256: 6396d6670598c51c5ae723f8209d850bfba736b0814e42e5432cc16bbdde0703
      SHA512: 389128c32377af7257b5c719abc2c95132f78b95c103bb2e9e8780430d7ab94f1eab0ef84607bfec31bf9dffee4d0daa0694c6f9bfd5f4416813b784f2e63f5a
      Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                      Count  ID
  Persistence            Hijack Execution Flow          1      T1574
  Privilege Escalation   Hijack Execution Flow          1      T1574
  Defense Evasion        Hijack Execution Flow          1      T1574
  Discovery              System Information Discovery   1      T1082
  Command and Control    Dynamic Resolution             1      T1568
