Overview

overview

10

Static

static

autoplay.exe

windows10-1703-x64

10

autorun.dll

windows10-1703-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bEW48w9BEVk.zip

  • Size

    978KB

  • Sample

    220924-dqq5hsadh3

  • MD5

    b9007f402d61ecdc3f93ed8f90318e49

  • SHA1

    5cec1e8ac88e9453e1491a94c285b6ac285714ee

  • SHA256

    c942ba85a8f3d49faebc0c186ed560bc789483b7eb42989a9444b7f74c3fc4fa

  • SHA512

    7efa750cde38e322baae37def9c37b361e706299717d5028375266086bb786ab57088247ee2d7ca50dd532a088571156cab14a11d1dfa95e52df0f91598f64c3

  • SSDEEP

    24576:U3SklsN/XDVbjweihwaCA1Jwb4AaUs05iHRsf6R:UAZhFnaCA1Jk4A00Ng

Score
10/10
raccoon82b47b435e53e7fb9a7380684546ba5cspywarestealer

Malware Config

Extracted

Family

raccoon

Botnet

82b47b435e53e7fb9a7380684546ba5c

C2

http://77.73.133.23/

rc4.plain

Targets

    • Target

      autoplay.exe

    • Size

      2.5MB

    • MD5

      c4379188fbebcf19fb52982a07ad97e5

    • SHA1

      5959c3a2c4173a2ac35dda00692dd5b402b950ad

    • SHA256

      0933f4936176e06ade6b661f36423892a9553e92cf1d4ad8e20cfb9a83dc029c

    • SHA512

      e55ef130b26a3056bd5a1dfef2ef57bf28fe541d4b3903c238d308c8f1a999e20349a695c3ee420ac0ca77015bdfd4d9afda7c8982a6804ea7073c62f9253228

    • SSDEEP

      49152:KR+W+FYXeCasCDnkh4bC6ZD40PFL/xl3V:KR+W+F6eCZCDnkh+40PFL/V

    Score
    10/10
    raccoon82b47b435e53e7fb9a7380684546ba5cspywarestealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

    • Target

      autorun.inf

    • Size

      624KB

    • MD5

      98c26bafe8abd7cc9ccf037d4f8ca5e2

    • SHA1

      7993309decc39cd7aa69412a5e212f56501dd882

    • SHA256

      fb3ac39fdbcfc1243d5dd23314d13baafe3a05cd7f5b0eaae174c345c3de1c1a

    • SHA512

      e73c8466b5c209df7606bc3fca688a4397d94994bf0dbcfa8c08004ca2b318580f85736ea256a91ad360fa9e8415637c056c6fc815f1273a17ae1bb03137ea03

    • SSDEEP

      12288:RnWTGfLIYsoQnWq+SoQoCAcruhb2YT9BCnCKzUroHUudh3jNrLjeGm+M:Rn4GfLIYsoQkSToCAcruQI9BCC3roH5n

    Score
    1/10
    behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks