General

  • Target

    a4b5c22ad66abf713b53dd48a7b6da65.exe

  • Size

    1.5MB

  • Sample

    220921-k96smsbedn

  • MD5

    a4b5c22ad66abf713b53dd48a7b6da65

  • SHA1

    73c02bb3add993ce71e9ee461494cd2584754066

  • SHA256

    c0b96ba1adef41f90c616ba72a4047735925f14d4745a87992732dcd1dc60b23

  • SHA512

    d56dcab8093aa1160aa94d3eb2b6e18c77d93d3df69e8ecb1730b9f6655ba185a0a88bff5f4fac753029842a03600864367761e69247180a5a2e247621d89408

  • SSDEEP

    24576:wgRocFUaFfzmT58FvIU5FL4vZzdhZ3lz3MUiAQrVdU91NMBnw4AUci:wgScyUfzmAQzZJL3lLn5+Vdw1NUPA4

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    9b19cf60d9bdf65b8a2495aa965456c3

  • C2

    http://94.131.107.23/

    http://45.11.19.99/

  • rc4.plain

Targets

    • Target

      a4b5c22ad66abf713b53dd48a7b6da65.exe

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (1) T1053

  • Persistence

    Scheduled Task (1) T1053

  • Privilege Escalation

    Scheduled Task (1) T1053

  • Credential Access

    Credentials in Files (2) T1081

  • Discovery

    Query Registry (1) T1012

    System Information Discovery (2) T1082

    Remote System Discovery (1) T1018

  • Collection

    Data from Local System (2) T1005

Tasks