General

  • Target

    783113387c8c4f2c14aa72e46f541a56.exe

  • Size

    288KB

  • Sample

    220911-zpvl7scbf2

  • MD5

    783113387c8c4f2c14aa72e46f541a56

  • SHA1

    abbbbcda4f84351cb20486d58f49f8c4ab903828

  • SHA256

    3dd554251ff82ea8e869a7b847623ea9faccbd9b99729ae298b2b76689641f41

  • SHA512

    eaefbbd654b86678f9db9eec5585176b89039e6dfb3eee10f2646b57633c6661ff813cc63c4c7591388a0f187a3d920c21d7b5500e86149e206ff30674c3cff3

  • SSDEEP

    6144:/qWZLRWNwwTb0S98Cca+jGJHd3tXWMPXUvb0M7I:/zL2frOCca+jGJHd3go

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    567d5bff28c2a18132d2f88511f07435

  • C2

    http://116.203.167.5/

    http://195.201.248.58/

  • rc4.plain

Targets

    • Target

      783113387c8c4f2c14aa72e46f541a56.exe

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 2
