Overview

overview

10

Static

static

7

e1689f695b...ca.exe

windows7-x64

10

e1689f695b...ca.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e1689f695b580c88f6b58274cfed905541749bd86f9f3cd95b70ae22387313ca.zip

  • Size

    6.4MB

  • Sample

    221130-jvhxlabe57

  • MD5

    b424842beae9cadc0cb3e4990ef060b4

  • SHA1

    b6913ac02584fc45ee1e6a6bb2c66e1e610b1e47

  • SHA256

    f4fd0842db586c415fcb3e83a4b7168df03b851557873d2d18978ad57b257a1b

  • SHA512

    afe7186d6b06f0fe7fa320c91e2d5fb0a8c371298bcb61633c963d9067bc97134834c413de1607b61314d404047f38a070c5c9a524b970d1da8c97df7ad9837f

  • SSDEEP

    98304:gfTxhb+qhRmj2H1elEtqVcCJg7+xyob71ihfJ/eYxyoY8zo2Z99pKamlAsWs+Y:cTxboaVoEtac4g7+ClxloIdNPY

Score
10/10
raccoon417f00e313b534b6267434933616178bevasionstealerthemidatrojan

Malware Config

Extracted

Family

raccoon

Botnet

417f00e313b534b6267434933616178b

C2

http://193.149.185.171

http://193.149.180.60

http://193.149.187.34
rc4.plain

Targets

    • Target

      e1689f695b580c88f6b58274cfed905541749bd86f9f3cd95b70ae22387313ca.exe

    • Size

      6.7MB

    • MD5

      7fdff809af7d3b25c76709165a78a89e

    • SHA1

      6a62910a88111aad6a22924a8e1d1a35626f6bee

    • SHA256

      e1689f695b580c88f6b58274cfed905541749bd86f9f3cd95b70ae22387313ca

    • SHA512

      925fbf207a628989230ccbdb16e41eb8a54c9df801e05f4a3ee71d8f66557e97fdef7453b89f50f73d8ef812edb7ff43178a367a4f1f67b901ef1972cb35f950

    • SSDEEP

      98304:yQG23fmewHtW7ZgPsy8WtNyDqmNiRMkJlSqxegWtIoZv082OQvG5N8pbso2x+x:jaQy86+iRM8EIegG/ZvhWrgj6

    Score
    10/10
    raccoon417f00e313b534b6267434933616178bevasionstealerthemidatrojan

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks