General

  • Target

    Adobe_Photoshop_2022.rar

  • Size

    1.8MB

  • Sample

    221216-1mw8paae9x

  • MD5

    d667c0f13d5f8473209308352cb69a29

  • SHA1

    eff868d43b7a08bd138fbc6cf3300845695368bc

  • SHA256

    1fd5c566aa8a625297a5910399f4e3700b5e3698f569a446a42a3e9b022640cf

  • SHA512

    88d95a6c2f52e7df3b12d07f9c3ac74ae420ae715992341662e57f7d1404cff2a5d036f01bd2be14b5e5b9d710be8893fa9c7e06027846e6b4671901652b2e4f

  • SSDEEP

    49152:OHz8CCr2sSKeKBAa0pTaZlidQFUizYNqo/QbXXHutkn+:mICVZXKBAa0laZlidQk2bHO2n+

Malware Config

Extracted

Family

raccoon

Botnet

3c35ec73bceaa673478a25f7581e1002

C2

http://37.220.87.34/

rc4.plain

Targets

    • Target

      Adobe_Photoshop_2022/photoshop.exe

    • Size

      825.7MB

    • MD5

      6a984a409107f009ea8cb6f47b804e90

    • SHA1

      0a39061d262e9ce7ad2e5abb5b0092c7af1ede67

    • SHA256

      1215867d3c24aaef5ebeeb0fa588e71de6e305c94a71975266e501230098e447

    • SHA512

      2938a45debc62693f5c56b18ca182c8d4cde9a2e38474dbf3c537ad8000c86d10d6c729c2f6a36b46ade4643272da46daf401bd3467f63c14bd1f2fc3cdf85cb

    • SSDEEP

      12288:SIZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZBxnsGu42O4XQzw/t+DrX:SAxsGLPEMwF+

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely harvest browser profile data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
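    The second target is an 825.7MB executable that arrived inside a 1.8MB archive, and its SSDEEP hash is dominated by one repeated block (the run of Z characters), which is what long runs of identical bytes look like in a fuzzy hash. That points to the binary having been padded, a common trick for pushing a sample past sandbox and scanner size limits. The script below is an added example, not part of this report or of the sandbox's own tooling: it scans a file in fixed-size windows, finds the trailing run of near-zero-entropy windows and re-hashes the file without it, so the real payload can be compared across re-padded drops. The sample input is constructed (seeded pseudo-random bytes followed by 1 MiB of zeros); the window size and entropy threshold are assumptions.

```python
"""Locate and strip trailing padding from a bloated sample (added example).

Assumptions: CHUNK and LOW_ENTROPY are illustrative values; the bytes built
in build_sample() are constructed and are not the file from the report.
"""
import hashlib
import math
import random
import sys
from collections import Counter

CHUNK = 4096         # bytes per analysis window (assumption)
LOW_ENTROPY = 0.1    # bits/byte; a window holding one repeated value scores 0.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or single-valued data)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk: int = CHUNK) -> list:
    """Entropy of each consecutive window; the last window may be shorter."""
    return [shannon_entropy(data[i:i + chunk]) for i in range(0, len(data), chunk)]


def payload_end(data: bytes, chunk: int = CHUNK, threshold: float = LOW_ENTROPY) -> int:
    """Offset where the trailing run of low-entropy windows starts.

    Walks the windows from the end backwards; the first window above the
    threshold ends the run. Returns len(data) when there is no such run.
    The cut is window-granular, so a few bytes of padding may remain.
    """
    end = len(data)
    for idx, ent in reversed(list(enumerate(chunk_entropies(data, chunk)))):
        if ent > threshold:
            break
        end = idx * chunk
    return end


def bloat_report(data: bytes, chunk: int = CHUNK) -> dict:
    """Summarise the padding and hash both the full and the trimmed file.

    The full-file SHA-256 is what a sandbox report lists; the trimmed hash is
    the value that stays stable when the same payload is re-padded.
    """
    end = payload_end(data, chunk)
    return {
        "size": len(data),
        "payload_size": end,
        "padding_bytes": len(data) - end,
        "padding_ratio": (len(data) - end) / len(data) if data else 0.0,
        "sha256_full": hashlib.sha256(data).hexdigest(),
        "sha256_trimmed": hashlib.sha256(data[:end]).hexdigest(),
    }


def build_sample() -> bytes:
    """Constructed input: 8 KiB of seeded pseudo-random bytes standing in for
    the real payload, followed by 1 MiB of zero padding."""
    rng = random.Random(2022)
    payload = bytes(rng.getrandbits(8) for _ in range(2 * CHUNK))
    return payload + b"\x00" * (1024 * 1024)


if __name__ == "__main__":
    # Usage: python bloat_check.py <file>; without an argument the constructed sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in bloat_report(blob).items():
        print(f"{key:15} {value}")
```

    Note that the trimmed hash will not match the SHA256 listed in this report, which covers the whole padded file; keep both when pivoting, and expect the scan to take a minute or two on a file of this size because every window is counted.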

MITRE ATT&CK Enterprise v6

Tasks