General

  • Target: SetupFile_06546598566565566520230130001832.zip
  • Size: 97.1MB
  • Sample: 230130-psv22aca41
  • MD5: 48c06193387d609f5bf0ef8113616194
  • SHA1: bd3e609ad259704eeaa564cfd5ecbc01ed249086
  • SHA256: ff7ce6bb4da1301b4a05577a8ca5e901d8469371686e273316362a3f50b4980f
  • SHA512: bf31809de748628899cc1e63505a1270d0172503fd19b91030ef3e29fc0ed2ea10ec245cfefb3f103565d80624fe19502d67fcfd8c5980022d722dffde78f172
  • SSDEEP: 1572864:8vIfNLh1l4T0BbfJCDe3Y2F6W3E+EibZt2KRzk973Kt9jNRhwY/ZygpW7m9RRRyg:F/l4T05Jn3db3citfkG9jNPsg8mL

Malware Config

Extracted

  • Family: raccoon
  • Botnet: 4859a564051819b0e0da9c36d0cc3ca2
  • C2: http://94.142.138.3/
  • rc4.plain

Targets

    • Target: SetupFile.exe
    • Size: 762.9MB
    • MD5: 6ee8aef895a4a94d745ad2d1464e316c
    • SHA1: cf6ae8cb821267875a5b7224e13a1ea3b43d87bb
    • SHA256: 76f4b9e74057d1a8d59934479a69c601833f3e7151f70f576924a70228451c7c
    • SHA512: 97c7d9fa7e64f487d29704a57dd9bfe2f4478a709ddf5e1eae412148250f2755436a0104fc9ea76d6f6d7dd02fd2c7d19e4693cde35f98b7727a471142eb8b55
    • SSDEEP: 98304:tfE8eSY+aKtQGU+dbeIhDDL1l1eEdW+xy/UNRc9X6UI4lXq81rwQIaVMPauQPKCx:tfEhj+3U+x9Xl13W8ysNRc9r/pqUx

    • Raccoon: Raccoon is an infostealer written in C++ and first seen in 2019.
    • Loads dropped DLL
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access: Credentials in Files (1, T1081)
  • Collection: Data from Local System (1, T1005)

Tasks