Overview

overview

10

Static

static

1212590cba...03.exe

windows7-x64

10

1212590cba...03.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1212590cba654ef189844d611df9b9656f9c373a68230ed2aebef66154e76003.exe

  • Size

    4.6MB

  • Sample

    220907-ny1zsshbhl

  • MD5

    24a6d10f18e7801011eb73b3aaf65ee7

  • SHA1

    b80a2fa127142be276b1822178a5405120a00083

  • SHA256

    1212590cba654ef189844d611df9b9656f9c373a68230ed2aebef66154e76003

  • SHA512

    9af9fa6bb4554fc90651598efa494ccefec032362b9b9bcb9f90d1a272d37e5fee123d573c40a61c9e7e204422057202a202398211532e8c79c65d2f66123c17

  • SSDEEP

    98304:SBMsNJVsjEFa9A6laShiWT2jfHKyHI42dFxz5mFcWYfAzvoV0:aDNJVsjXNaShcpHKdFxtmGRk6

Score
10/10
raccoon8eb14caca01131f5f4ff62ef8a0fcab4evasionstealertrojan

Malware Config

Extracted

Family

raccoon

Botnet

8eb14caca01131f5f4ff62ef8a0fcab4

C2

http://77.91.102.230/

http://146.19.170.157/
rc4.plain

Targets

    • Target

      1212590cba654ef189844d611df9b9656f9c373a68230ed2aebef66154e76003.exe

    • Size

      4.6MB

    • MD5

      24a6d10f18e7801011eb73b3aaf65ee7

    • SHA1

      b80a2fa127142be276b1822178a5405120a00083

    • SHA256

      1212590cba654ef189844d611df9b9656f9c373a68230ed2aebef66154e76003

    • SHA512

      9af9fa6bb4554fc90651598efa494ccefec032362b9b9bcb9f90d1a272d37e5fee123d573c40a61c9e7e204422057202a202398211532e8c79c65d2f66123c17

    • SSDEEP

      98304:SBMsNJVsjEFa9A6laShiWT2jfHKyHI42dFxz5mFcWYfAzvoV0:aDNJVsjXNaShcpHKdFxtmGRk6

    Score
    10/10
    raccoon8eb14caca01131f5f4ff62ef8a0fcab4evasionstealertrojan

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks