General

  • Target: 3da135295e9656c566198a074891d12a.exe
  • Size: 526KB
  • Sample: 220907-m6vbjshbam
  • MD5: 3da135295e9656c566198a074891d12a
  • SHA1: 4a0b2f9e0aaab1e3e582dccbfdd326ffdcd50c9d
  • SHA256: 54f9e59bebd84343d69b966a0b1cb6a585da3502d27fa9d882eaa56cd3cffeed
  • SHA512: 70b52965cbf7e9bfcf2789c11e93afd83919d526692f2426535e3e728151e3a81ba9409244ddf07f76f0a1120ec6f6a7039be4afecf07cd87ee4923899bdf04f
  • SSDEEP: 6144:AMpElumPbWZbekXxUCeNM9GdVWGFKBFSUADmvLXjkm8la1LuCQUOqrtihLBZF4i:xqw/xUCeNM9Gd4GFK79A01LuCQUdit

Malware Config

Extracted

  • Family: raccoon
  • Botnet: d020f14a64593b123f5299012b4c811a
  • C2:
    http://116.203.167.5/
    http://195.201.248.58/
  • rc4.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks