General

  • Target

    fe1b78899975b0743933ddd3e44b49b4be94cf06edf20a79211037f79475ad95

  • Size

    5.7MB

  • Sample

    221130-xpharsac51

  • MD5

    9775c76a3cde8e4662dbd27b20e045b6

  • SHA1

    f1485a7562300296826ff509239f1d11ed4fc2e4

  • SHA256

    fe1b78899975b0743933ddd3e44b49b4be94cf06edf20a79211037f79475ad95

  • SHA512

    350c12198ac88a5362ec1b10d3195809d33740a504e800e8b26bdab7c1777852deb27a96bd7a2a2470fb31126cfe20e7ed922733608f836e490abd1f32921de0

  • SSDEEP

    98304:HE4VX+57n/rc00I5XVe1z/7sOu3rm2pg+XNirA2CKTf1Ft4f6P:kOX+5T/Y0zhV+L7C7m6SA2Ccuf

Malware Config

Extracted

Family

raccoon

rc4.plain

Targets

    • Target

      fe1b78899975b0743933ddd3e44b49b4be94cf06edf20a79211037f79475ad95

    • Size

      5.7MB

    • MD5

      9775c76a3cde8e4662dbd27b20e045b6

    • SHA1

      f1485a7562300296826ff509239f1d11ed4fc2e4

    • SHA256

      fe1b78899975b0743933ddd3e44b49b4be94cf06edf20a79211037f79475ad95

    • SHA512

      350c12198ac88a5362ec1b10d3195809d33740a504e800e8b26bdab7c1777852deb27a96bd7a2a2470fb31126cfe20e7ed922733608f836e490abd1f32921de0

    • SSDEEP

      98304:HE4VX+57n/rc00I5XVe1z/7sOu3rm2pg+XNirA2CKTf1Ft4f6P:kOX+5T/Y0zhV+L7C7m6SA2Ccuf

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Shurk

      Shurk is an infostealer, written in C++ which appeared in 2021.

    • Shurk Stealer payload

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks