Overview

overview

10

Static

static

337180663d...2f.exe

windows7-x64

10

337180663d...2f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    337180663dda69a129ea98b5c88d906f365536ed03aed7191e8e0d94ef2caa2f.exe

  • Size

    4.6MB

  • Sample

    220907-nyfnvshbgq

  • MD5

    0ef5054808b0e5aa7e213946dd368543

  • SHA1

    6ae6caad04552882ea2d18908c481b22ee6cfc92

  • SHA256

    337180663dda69a129ea98b5c88d906f365536ed03aed7191e8e0d94ef2caa2f

  • SHA512

    fd98e86918e31cd1018b3c040bf49fd5492923da9e801ed2b3beeb662e2eabef3225bca24d0532afef05979b8439b9b13594f4f3feff45019bef6f0fad42ccf9

  • SSDEEP

    98304:lCWPuwmKvFdR5PiIK2WkNX84559RcsXExnRSZjrOog+52MzkEvUp44:oWWwLFdR5Pi32Wkx1hRcsUxnRSZj1g+3

Score
10/10
raccoon8eb14caca01131f5f4ff62ef8a0fcab4�n(�@����|��z4bt�r�,'hqqevasionstealertrojan

Malware Config

Extracted

Family

raccoon

Botnet

8eb14caca01131f5f4ff62ef8a0fcab4

C2

http://77.75.230.25/

http://146.19.170.157/
rc4.plain

Extracted

Family

raccoon

Botnet

�n(�@����|��Z4bT�r�,'hQQ

rc4.plain

Targets

    • Target

      337180663dda69a129ea98b5c88d906f365536ed03aed7191e8e0d94ef2caa2f.exe

    • Size

      4.6MB

    • MD5

      0ef5054808b0e5aa7e213946dd368543

    • SHA1

      6ae6caad04552882ea2d18908c481b22ee6cfc92

    • SHA256

      337180663dda69a129ea98b5c88d906f365536ed03aed7191e8e0d94ef2caa2f

    • SHA512

      fd98e86918e31cd1018b3c040bf49fd5492923da9e801ed2b3beeb662e2eabef3225bca24d0532afef05979b8439b9b13594f4f3feff45019bef6f0fad42ccf9

    • SSDEEP

      98304:lCWPuwmKvFdR5PiIK2WkNX84559RcsXExnRSZjrOog+52MzkEvUp44:oWWwLFdR5Pi32Wkx1hRcsUxnRSZj1g+3

    Score
    10/10
    raccoon8eb14caca01131f5f4ff62ef8a0fcab4evasionstealertrojan�n(�@����|��z4bt�r�,'hqq

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks