Overview

overview

10

Static

static

5b8c06b231...04.exe

windows7-x64

10

5b8c06b231...04.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5b8c06b231b7431a0d3db97321c748047057cc48bb0ffe7bb11f32ae18e7c004.exe

  • Size

    4.6MB

  • Sample

    220908-fwmqdsahan

  • MD5

    4201e4c87fb2718d5445cda0c057797a

  • SHA1

    d44cda25fe83336a813695ff6c6d0ee02bfb3eda

  • SHA256

    5b8c06b231b7431a0d3db97321c748047057cc48bb0ffe7bb11f32ae18e7c004

  • SHA512

    b472783f002df0d078baf7405f58e010f8cd1615a803cea12b6399347a3989594bc9319d12338324928944b04854340fe8ff1afbbec378e2df853c895011f851

  • SSDEEP

    98304:Gn3OlG+FBT+yj000zjrcL/do1DBY2YKuRrfFsIMN:31p+yb6jIL/dQiUuFfmN

Score
10/10
raccoon8eb14caca01131f5f4ff62ef8a0fcab4evasionstealertrojan

Malware Config

Extracted

Family

raccoon

Botnet

8eb14caca01131f5f4ff62ef8a0fcab4

C2

http://77.75.230.25/

http://146.19.170.157/
rc4.plain

Targets

    • Target

      5b8c06b231b7431a0d3db97321c748047057cc48bb0ffe7bb11f32ae18e7c004.exe

    • Size

      4.6MB

    • MD5

      4201e4c87fb2718d5445cda0c057797a

    • SHA1

      d44cda25fe83336a813695ff6c6d0ee02bfb3eda

    • SHA256

      5b8c06b231b7431a0d3db97321c748047057cc48bb0ffe7bb11f32ae18e7c004

    • SHA512

      b472783f002df0d078baf7405f58e010f8cd1615a803cea12b6399347a3989594bc9319d12338324928944b04854340fe8ff1afbbec378e2df853c895011f851

    • SSDEEP

      98304:Gn3OlG+FBT+yj000zjrcL/do1DBY2YKuRrfFsIMN:31p+yb6jIL/dQiUuFfmN

    Score
    10/10
    raccoon8eb14caca01131f5f4ff62ef8a0fcab4evasionstealertrojan

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks