Overview

overview

10

Static

static

7

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    4.7MB

  • Sample

    221010-qmskdscbdq

  • MD5

    4a7c01c347ed9416940ed8597da69e27

  • SHA1

    57d9f5334ed9d1036a71a5670158fe4b9d9cfd79

  • SHA256

    20ed01a8e1ec898ec25499b5ac18d8522226e08c1ff8baffc327e63a6e46c919

  • SHA512

    1a0da8e395404523e4f295b00be630fcbbb58106e8e94f87752dff62d50c921a97b6a05a9be11348e7bcae228b109c100cfc740a5820158c61c663769ca4ff0f

  • SSDEEP

    49152:rZUJgcrkXw03C/V+H+5mf2B3+nkTQK4AUF5L/vEjF:VsgcwXr3CIe5IYTQK4RnLHEZ

Score
10/10
raccoonbd3a3a503834ef8e836d8a99d1ecff54agilenetspywarestealer

Malware Config

Extracted

Family

raccoon

Botnet

bd3a3a503834ef8e836d8a99d1ecff54

C2

http://77.73.133.7/

rc4.plain

Targets

    • Target

      file.exe

    • Size

      4.7MB

    • MD5

      4a7c01c347ed9416940ed8597da69e27

    • SHA1

      57d9f5334ed9d1036a71a5670158fe4b9d9cfd79

    • SHA256

      20ed01a8e1ec898ec25499b5ac18d8522226e08c1ff8baffc327e63a6e46c919

    • SHA512

      1a0da8e395404523e4f295b00be630fcbbb58106e8e94f87752dff62d50c921a97b6a05a9be11348e7bcae228b109c100cfc740a5820158c61c663769ca4ff0f

    • SSDEEP

      49152:rZUJgcrkXw03C/V+H+5mf2B3+nkTQK4AUF5L/vEjF:VsgcwXr3CIe5IYTQK4RnLHEZ

    Score
    10/10
    raccoonbd3a3a503834ef8e836d8a99d1ecff54agilenetspywarestealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks