General

  • Target

    c73eef378eb054a400fb8163dd3141feaffea91eeb6a1363a41e7e7a88222f53

  • Size

    57KB

  • Sample

    221111-gq4bmahfe7

  • MD5

    5cef736542d8707af28a2927bb0a09c2

  • SHA1

    415816c04d498480ef350db4d77651dc17791897

  • SHA256

    c73eef378eb054a400fb8163dd3141feaffea91eeb6a1363a41e7e7a88222f53

  • SHA512

    9cc502bbe2ffaadc7de2f2ac6aaaadbd1911de0ab6c02420c029041001aa3e649592b0b61e825eb9033147bb47424374181a341586b96128aa1307214a6a3f38

  • SSDEEP

    1536:IVp01Eca2z/LvhbUDZUN1T04K3rJJOFOE:j1EcfBUDZi03K

Malware Config

Extracted

Family

raccoon

Botnet

d8f44b07b06da3a90ad87ebc9249718c

C2

http://79.137.205.87/

rc4.plain

Targets

    • Target

      c73eef378eb054a400fb8163dd3141feaffea91eeb6a1363a41e7e7a88222f53

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files: T1081 (2)

  • Discovery

    Query Registry: T1012 (1)

  • Collection

    Data from Local System: T1005 (2)

Tasks