Overview

overview

10

Static

static

7

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NewstVersion_1234_InstallerPass.rar

  • Size

    4.1MB

  • Sample

    221220-qyhvbshf57

  • MD5

    cda1504b1d4004c8bf3b90b9035ebeb8

  • SHA1

    46832d82bc25c7363f32b3473872936e97cfe990

  • SHA256

    4d18cd22365f3f3d714fca4a674014fc7a68d6029da4c53a94fe950189f9c956

  • SHA512

    3932b135f10e2cf84811fb462b4dc9e804883fb6aed2262848dcf543515a00e5b14728d8c700286402b5232083b394c1180e4c55ddd383ba1de03731eb00dd5c

  • SSDEEP

    98304:8/W8ZSAQXOhvyrvtrfyz7bpVs6pOohZsKRPm5:8u8kA0OhqRrKz3Ee5RO5

Score
10/10
raccoonb4f472421ce1f18efd9f610339c3dae1evasionstealerthemidatrojan

Malware Config

Extracted

Family

raccoon

Botnet

b4f472421ce1f18efd9f610339c3dae1

C2

http://77.73.134.30/

rc4.plain

Targets

    • Target

      Setup.exe

    • Size

      428.0MB

    • MD5

      9d2b9885fdb0885ac11bd944c86c4655

    • SHA1

      eeeebef1fd514f1b697158c990ba94b9c752374c

    • SHA256

      ef70efe0a3cd860831657fa7ee8d832d49c8d8489df4b35d2480cc043bbb1b04

    • SHA512

      6ca0fe74cec6b22e9d9da927614cfed8440d153f8852fc938b7f156b95c29ddca7b652557635ebb6aa7197ad37c0a09d475deedddc44316ddac929cdac7b4813

    • SSDEEP

      98304:b8vH233wZUFkCNauJm+UPp7WMZwa/jOTN:bowwP+UxaMZxbOT

    Score
    10/10
    raccoonb4f472421ce1f18efd9f610339c3dae1evasionstealerthemidatrojan

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks