Overview

overview

10

Static

static

b002e90f98...bc.exe

windows7-x64

1

b002e90f98...bc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b002e90f98f6643ade82b4d657b920bc.exe

  • Size

    1.6MB

  • Sample

    230130-xel6zadb8t

  • MD5

    b002e90f98f6643ade82b4d657b920bc

  • SHA1

    2c56bae21ca4cc1d16c58a7f53add0a8ac54fa57

  • SHA256

    8a1197f828988b534acf6542b5ee75239c35fc94aeeee293e45d1d01d512b29d

  • SHA512

    c0870f71a2d237f90a0bbf982fb69bae82391efb1bb0806af557a406d1d23ec7838e52ab4c8d8144feeec24cd827e78e1506310eab2b1fc831aef17f8cefa87c

  • SSDEEP

    24576:+7hfMeJ3ruTTdFkaasfMLAjJvrypuvGPp+2dhvj8OjzEJjug8q6x5h5T7U9NKLTj:YhfMeVrulF3LCJue5z8OjIJJi

Score
10/10
raccoonrhadamanthyseb3a206cd939601b2a6d00ea009a6d7estealer

Malware Config

Extracted

Family

raccoon

Botnet

eb3a206cd939601b2a6d00ea009a6d7e

C2

http://195.123.241.57/

rc4.plain

Targets

    • Target

      b002e90f98f6643ade82b4d657b920bc.exe

    • Size

      1.6MB

    • MD5

      b002e90f98f6643ade82b4d657b920bc

    • SHA1

      2c56bae21ca4cc1d16c58a7f53add0a8ac54fa57

    • SHA256

      8a1197f828988b534acf6542b5ee75239c35fc94aeeee293e45d1d01d512b29d

    • SHA512

      c0870f71a2d237f90a0bbf982fb69bae82391efb1bb0806af557a406d1d23ec7838e52ab4c8d8144feeec24cd827e78e1506310eab2b1fc831aef17f8cefa87c

    • SSDEEP

      24576:+7hfMeJ3ruTTdFkaasfMLAjJvrypuvGPp+2dhvj8OjzEJjug8q6x5h5T7U9NKLTj:YhfMeVrulF3LCJue5z8OjIJJi

    Score
    10/10
    raccoonrhadamanthyseb3a206cd939601b2a6d00ea009a6d7estealer

    • Detect rhadamanthys stealer shellcode

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks