General

  • Target: Setup.zip
  • Size: 1.7MB
  • Sample: 221214-dx571sca3y
  • MD5: 164018e90225848894c7e525d58521c5
  • SHA1: 1333fa8fc71040c220147fd498ce3d5d641d443a
  • SHA256: 853a932c1c6de5586f230ea96d2b95c41f763e467324e322dfc8357addbe026f
  • SHA512: d74c6a31be102652d7834a5fdb502507afe51ebc485b1224bf94cd87c3878b0a7e978e7f9ea056a4992aa5a67b7596978d206ac316f3e807b4d89f50a0e088b5
  • SSDEEP: 6144:4IRV944br3TBZgR9EIErbqMeb8vPLA9nMMUfe0U9tyVcf6c936Jphp+LU42:4wV9fbrDBiSrWMHL8gMyc936bOwJ

Malware Config

Extracted

  • Family: raccoon
  • Botnet: b4f472421ce1f18efd9f610339c3dae1
  • C2: http://77.73.134.30/
  • rc4.plain

Targets

    • Target: Setup.exe
    • Size: 425.2MB
    • MD5: 6cba7afb7fb7c47593af39003064905d
    • SHA1: 045a6dd9336cfd8a4b61f576448eb9ea22ec743d
    • SHA256: 2fe86beaad21234ac949e2a152c827e9a70e9735f62b92d7cdc90e9d433e55cf
    • SHA512: cad4b8f96e4d5214c4ce8285ffc452babe0872c0681ecc77ecd8f13566725156f0622835a9c7e5260bd02ac574918ec983cf6ca92b4061c8fd44c90dfb08d230
    • SSDEEP: 24576:Gpo7zz2EXOOJxrPRArAVcGV6jY/tKYjl:ZzZdCucGV6U/t

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (1) T1053
  • Persistence: Scheduled Task (1) T1053
  • Privilege Escalation: Scheduled Task (1) T1053
  • Defense Evasion: File Permissions Modification (1) T1222
  • Credential Access: Credentials in Files (2) T1081
  • Discovery: System Information Discovery (2) T1082; Query Registry (1) T1012; Peripheral Device Discovery (1) T1120
  • Collection: Data from Local System (2) T1005

Tasks