General

  • Target

    Softiwe_Download.rar

  • Size

    6.2MB

  • Sample

    221110-w2ly2secfj

  • MD5

    9c4cb4328e1059cd2d304c51cf30d13c

  • SHA1

    fdfa445f23c791606625d6d49e4a0fc42c42f3ba

  • SHA256

    8aa57051e2d9b8d7398e47b5cdabd32df0b28696a32d1d44a8bb6b463b1f3ddb

  • SHA512

    d54d6b09f0bb9ff8af6a260663410a305225b731926bfb9aa6d3b7592866a97d50c52cb784d72a4ca3c042c8faa3d7539466dec3704ea0ee49c94ec7d5be83f5

  • SSDEEP

    98304:WbCO8lrOEEBDp29pPXtrkemFgHu16bPjfBVxRwJKtyW8jmtBWSCYuNLJRB:SjtjQ9B9rMOhbfBgfjmtEDh

Malware Config

Extracted

Family

raccoon

Botnet

d2f643fdb867ca6beffc12549d6afb13

C2

http://167.235.134.14/

rc4.plain

Targets

    • Target

      Softiwe Download/Softiwe Download.exe

    • Size

      6.2MB

    • MD5

      d09f24c0a05c276738452a9603749979

    • SHA1

      523f40262b733b930eaf21252b895215f4452312

    • SHA256

      8fb50a574fd1aa8828c17c9aee81ba2b08a435290eca3f2830e5a41d65199b52

    • SHA512

      883f523cc4b7359e2ed6987448e35af74e2a3643caaf49085d01c429bee5b1dd43ae9e0f3c4a27a61810af7a9195d1b5727d926544f3430ab0ec92bfc0d6617c

    • SSDEEP

      196608:4n3Wkb2vSZlGX1Kx0bmo9qQ/LerfFh1eU4xQNr:eGZtIx0r9qyebFzeU4xQN

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Softiwe Download/kerneld.v64

    • Size

      33KB

    • MD5

      e906554453d39a3352051589021054bf

    • SHA1

      be3dfbffc574604b65d38b5e93406550847a99b1

    • SHA256

      27375351b4a723465f937866f0ffc86e8e612b093673ee25ccf0b7ea803f888f

    • SHA512

      20792c60c7fad0da124b542ad98ec69dacb9483bf7948df56d14299bcb162316f1343614c3ae7f3835d90de65a33d6d2f908d7e64731b634dc5872002a98e5dc

    • SSDEEP

      768:3L0ViSUM7F9hcn5UPSzxFy9VcYCOKaj0qUymWB:3L086On5jF090JariWB

    Score: 1/10

    • Target

      Softiwe Download/storelib.dll

    • Size

      159KB

    • MD5

      aedf4928d0ed444609abcaab5d8ef334

    • SHA1

      b3f81d2cd9191151742cd96158e0a17710b8dbbc

    • SHA256

      6b29cad1f6da51f45b7164758a16328eaac9f31021e9172dd3d2f1d0d672da99

    • SHA512

      9ad07d5dcc61208d535bea2472c2244aedd18ab274a6657893036fa42ce2ea297c6244f352e7d64a24d2788d329b3d3d82c98f71f27d6e227a2b8b20ad6c0756

    • SSDEEP

      3072:Swpq71+8xl3WyCdJROjSeIt4+/e792t2K5zo9dRa:Sv0wh2dYSeIt4+c9I

    Score: 3/10

    • Target

      Softiwe Download/storelibir-2.dll

    • Size

      275KB

    • MD5

      ffb6b65a71232e4b692cb33af2d0cdf8

    • SHA1

      c0758d6dd87e80c187e006bb8d6f084260c09a77

    • SHA256

      833cdbcac5781d350af6939422c770b5194de1bc0cc1bbd38cd929256f440bbf

    • SHA512

      70fee00acf8882e40e4e33ca1aa021e3833ead9e00ae197935fa859c962dacd5e2272c5da5b13f1633219eb6b1dabe37ff335c653c94cdccde95526f18684811

    • SSDEEP

      6144:DaAGE61xLaj7jShlyq/b9S9hQWEIyDWvLWR:Db61xLaDTqbeQWEPbR

    Score: 3/10

    • Target

      Softiwe Download/storelibir.dll

    • Size

      259KB

    • MD5

      6fcca15d63300917af99a4c4af4f019f

    • SHA1

      cbb7d0bf456e17c4e91dc0605ad5be19a9346525

    • SHA256

      5f5ebabf5143c8afcbaa4eff5e92af251ae483acd3a9ddddd2f743ba07e54019

    • SHA512

      21aeea4a8d941002f040a81d7c64a23fe548eab3942b68e19d909b6145534da74a8759f1fcf795d5aab781e48bed07d1ca6b912ec0db5af0abf13af6e8365fd7

    • SSDEEP

      3072:+Qzal/XXPLA4AEjJkqNPdYReIBzDY2mASmnNwN7B755CoSsMB91UoxhK9F+g:+QmQ4NPNIBzDYGSmn+NxZMB5jg

    Score: 3/10

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 2