General

  • Target

    Softiwe_Download.rar

  • Size

    6.2MB

  • Sample

    221110-vfsn2addfr

  • MD5

    9c4cb4328e1059cd2d304c51cf30d13c

  • SHA1

    fdfa445f23c791606625d6d49e4a0fc42c42f3ba

  • SHA256

    8aa57051e2d9b8d7398e47b5cdabd32df0b28696a32d1d44a8bb6b463b1f3ddb

  • SHA512

    d54d6b09f0bb9ff8af6a260663410a305225b731926bfb9aa6d3b7592866a97d50c52cb784d72a4ca3c042c8faa3d7539466dec3704ea0ee49c94ec7d5be83f5

  • SSDEEP

    98304:WbCO8lrOEEBDp29pPXtrkemFgHu16bPjfBVxRwJKtyW8jmtBWSCYuNLJRB:SjtjQ9B9rMOhbfBgfjmtEDh

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    d2f643fdb867ca6beffc12549d6afb13

  • C2

    http://167.235.134.14/

  • rc4.plain

Targets

    • Target

      Softiwe Download/Softiwe Download.exe

    • Size

      6.2MB

    • MD5

      d09f24c0a05c276738452a9603749979

    • SHA1

      523f40262b733b930eaf21252b895215f4452312

    • SHA256

      8fb50a574fd1aa8828c17c9aee81ba2b08a435290eca3f2830e5a41d65199b52

    • SHA512

      883f523cc4b7359e2ed6987448e35af74e2a3643caaf49085d01c429bee5b1dd43ae9e0f3c4a27a61810af7a9195d1b5727d926544f3430ab0ec92bfc0d6617c

    • SSDEEP

      196608:4n3Wkb2vSZlGX1Kx0bmo9qQ/LerfFh1eU4xQNr:eGZtIx0r9qyebFzeU4xQN

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile contents.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 2

Tasks