Overview

overview

10

Static

static

1

Ableton Li...er.exe

windows7-x64

1

Ableton Li...er.exe

windows10-2004-x64

10

Ableton Li...er.exe

windows7-x64

1

Ableton Li...er.exe

windows10-2004-x64

10

Ableton.Ll...er.exe

windows7-x64

1

Ableton.Ll...er.exe

windows10-2004-x64

10

Ableton.Ll...te.exe

windows7-x64

1

Ableton.Ll...te.exe

windows10-2004-x64

10

Ableton.Ll...en.exe

windows7-x64

8

Ableton.Ll...en.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ableton.Llive.Suite.11.2.6.zip

  • Size

    24.8MB

  • Sample

    230127-nkdbksbg5s

  • MD5

    8d22b1da702edae3bb5dad56fa8abd5a

  • SHA1

    ef8da2de7818ac9f2c6228229415673a8d75e4a3

  • SHA256

    4a97057eaf50f3a2866d01a53dd42234ffc3f8314f0d6005645ce00621b9d20b

  • SHA512

    b2f113a6e43c818405b0b38cfcd93b7e7ba3e342151be2759664fa863fbf84c0e6d7391f2e5400760d99d0f9a263849a2bbc9d60bea0226f6ca920b73295a7fc

  • SSDEEP

    786432:7k+hrFmPO5cyJL+l2I0VJcMGTyKesoCShQ+Eb1Ku+fu7fBE6rc:7k+hrYO5cyJLo00MGNmCII11+z0c

Score
10/10
raccoon4ee4e2ee5aa36d394f5d44408a602375discoveryspywarestealer

Malware Config

Extracted

Family

raccoon

Botnet

4ee4e2ee5aa36d394f5d44408a602375

C2

http://168.119.60.182/

rc4.plain

Targets

    • Target

      Ableton Live 11 Suite Installer.exe

    • Size

      6.3MB

    • MD5

      05517715339d0202753043b809857877

    • SHA1

      c3295ef7bfe8f474d468fa39ed67c65b66733163

    • SHA256

      9a79efd66dafa62b75f8dfb77defa5ce06858c6501dbcc90930a959827583271

    • SHA512

      75a125fe5fa11cba0b6d0545b5fdce3b0e0360dc4d3b2c10ee8d2bed81af31566f9f05dc02b6c5343257f4e8ad6f6b9ed0fae429b42682923999be2cd96c9d9b

    • SSDEEP

      196608:xmD/cRu3LyA8OYtgd/bS/4jqJK7nmLAqq:xmq5KjS/ojnB

    Score
    10/10
    raccoon4ee4e2ee5aa36d394f5d44408a602375stealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      Ableton Live 11 Suite Installer.exe

    • Size

      6.3MB

    • MD5

      05517715339d0202753043b809857877

    • SHA1

      c3295ef7bfe8f474d468fa39ed67c65b66733163

    • SHA256

      9a79efd66dafa62b75f8dfb77defa5ce06858c6501dbcc90930a959827583271

    • SHA512

      75a125fe5fa11cba0b6d0545b5fdce3b0e0360dc4d3b2c10ee8d2bed81af31566f9f05dc02b6c5343257f4e8ad6f6b9ed0fae429b42682923999be2cd96c9d9b

    • SSDEEP

      196608:xmD/cRu3LyA8OYtgd/bS/4jqJK7nmLAqq:xmq5KjS/ojnB

    Score
    10/10
    raccoon4ee4e2ee5aa36d394f5d44408a602375stealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

    • Target

      Ableton.Llive.Suite.11.2.6/Ableton Live 11 Suite Installer.exe

    • Size

      6.3MB

    • MD5

      05517715339d0202753043b809857877

    • SHA1

      c3295ef7bfe8f474d468fa39ed67c65b66733163

    • SHA256

      9a79efd66dafa62b75f8dfb77defa5ce06858c6501dbcc90930a959827583271

    • SHA512

      75a125fe5fa11cba0b6d0545b5fdce3b0e0360dc4d3b2c10ee8d2bed81af31566f9f05dc02b6c5343257f4e8ad6f6b9ed0fae429b42682923999be2cd96c9d9b

    • SSDEEP

      196608:xmD/cRu3LyA8OYtgd/bS/4jqJK7nmLAqq:xmq5KjS/ojnB

    Score
    10/10
    raccoon4ee4e2ee5aa36d394f5d44408a602375stealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral5behavioral6

    • Target

      Ableton.Llive.Suite.11.2.6/Crack/Ableton Live 11 Suite.exe

    • Size

      6.3MB

    • MD5

      05517715339d0202753043b809857877

    • SHA1

      c3295ef7bfe8f474d468fa39ed67c65b66733163

    • SHA256

      9a79efd66dafa62b75f8dfb77defa5ce06858c6501dbcc90930a959827583271

    • SHA512

      75a125fe5fa11cba0b6d0545b5fdce3b0e0360dc4d3b2c10ee8d2bed81af31566f9f05dc02b6c5343257f4e8ad6f6b9ed0fae429b42682923999be2cd96c9d9b

    • SSDEEP

      196608:xmD/cRu3LyA8OYtgd/bS/4jqJK7nmLAqq:xmq5KjS/ojnB

    Score
    10/10
    raccoon4ee4e2ee5aa36d394f5d44408a602375discoveryspywarestealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral7behavioral8

    • Target

      Ableton.Llive.Suite.11.2.6/R2R/Ableton_KeyGen.exe

    • Size

      1.1MB

    • MD5

      5137f6c1b6fec54e3c4fce6261905dd6

    • SHA1

      2acfa6961576086cb34376222cca49027b77871d

    • SHA256

      72c96f7e2f4823bb9f28944c96aa1b737be20edd52ca97b699085d3498e4ab74

    • SHA512

      762ccc51cb1f361ec9d44971015bfeef346f5dc0162d241f6e052bcd4ddb201655342fc21a3e8fe12243e678638e086f0c403eb01a6e52530f89f08f29e3e4a4

    • SSDEEP

      24576:scLyLVBj7bonifxHi8nnM6+uRCy/4cZTKRZiKx9j1zp9KtyUHW:sAOsif1TMC1wcZTK+KZzxUHW

    Score
    8/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral10behavioral9

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks