Overview

overview

10

Static

static

Softiwe Download.exe

windows7-x64

10

Softiwe Download.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Softiwe Download.exe

  • Size

    6.2MB

  • Sample

    221110-xbrmaacef4

  • MD5

    d09f24c0a05c276738452a9603749979

  • SHA1

    523f40262b733b930eaf21252b895215f4452312

  • SHA256

    8fb50a574fd1aa8828c17c9aee81ba2b08a435290eca3f2830e5a41d65199b52

  • SHA512

    883f523cc4b7359e2ed6987448e35af74e2a3643caaf49085d01c429bee5b1dd43ae9e0f3c4a27a61810af7a9195d1b5727d926544f3430ab0ec92bfc0d6617c

  • SSDEEP

    196608:4n3Wkb2vSZlGX1Kx0bmo9qQ/LerfFh1eU4xQNr:eGZtIx0r9qyebFzeU4xQN

Score
10/10
raccoond2f643fdb867ca6beffc12549d6afb13discoveryspywarestealer

Malware Config

Extracted

Family

raccoon

Botnet

d2f643fdb867ca6beffc12549d6afb13

C2

http://167.235.134.14/

rc4.plain

Targets

    • Target

      Softiwe Download.exe

    • Size

      6.2MB

    • MD5

      d09f24c0a05c276738452a9603749979

    • SHA1

      523f40262b733b930eaf21252b895215f4452312

    • SHA256

      8fb50a574fd1aa8828c17c9aee81ba2b08a435290eca3f2830e5a41d65199b52

    • SHA512

      883f523cc4b7359e2ed6987448e35af74e2a3643caaf49085d01c429bee5b1dd43ae9e0f3c4a27a61810af7a9195d1b5727d926544f3430ab0ec92bfc0d6617c

    • SSDEEP

      196608:4n3Wkb2vSZlGX1Kx0bmo9qQ/LerfFh1eU4xQNr:eGZtIx0r9qyebFzeU4xQN

    Score
    10/10
    raccoond2f643fdb867ca6beffc12549d6afb13discoveryspywarestealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks