Resubmissions

31-01-2023 14:52

230131-r8zq9sgg69 10

31-01-2023 14:50

230131-r7z1msaf5z 1

General

  • Target

    BankStatement-1675176567.xll

  • Size

    75KB

  • Sample

    230131-r8zq9sgg69

  • MD5

    ad0b110ff2ecc9cb8243358b4cd2eaf1

  • SHA1

    5c87fbef6bc4cfda56d837f3be724d9a0528d7f7

  • SHA256

    448e4cbdfc4374985301a5f58b44495cbc7a9ce1457b0e290903534ea31c5aa4

  • SHA512

    34174c0e8a630e53af532aeb67d7077b9d71807368273e7ee362f3b86d7a95aa6a880003871d408aa017090ae3db0d16b0c78e5e35d916fb01659c0a4e9b5d36

  • SSDEEP

    768:RWPEHLuWs0sxOUKVfZ4ntEdUl9318F/ARYCD6DgUach39MHmqCegBY1iABMQ:qkL40XUKVfZ4nt+UL3180ErX8mfBcBMQ

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

Extracted

  • Family

    raccoon

  • Botnet

    470ed711dadd97d5f2669317d6d3ee7d

  • C2

    http://102.130.113.39

  • rc4.plain

Targets

    • Target

      BankStatement-1675176567.xll

    • Size

      75KB

    • MD5

      ad0b110ff2ecc9cb8243358b4cd2eaf1

    • SHA1

      5c87fbef6bc4cfda56d837f3be724d9a0528d7f7

    • SHA256

      448e4cbdfc4374985301a5f58b44495cbc7a9ce1457b0e290903534ea31c5aa4

    • SHA512

      34174c0e8a630e53af532aeb67d7077b9d71807368273e7ee362f3b86d7a95aa6a880003871d408aa017090ae3db0d16b0c78e5e35d916fb01659c0a4e9b5d36

    • SSDEEP

      768:RWPEHLuWs0sxOUKVfZ4ntEdUl9318F/ARYCD6DgUach39MHmqCegBY1iABMQ:qkL40XUKVfZ4nt+UL3180ErX8mfBcBMQ

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
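
The behaviours listed above (an Office host spawning an unexpected child, a dropped executable reaching out to the extracted C2, the reported XLL hash) map directly onto host telemetry. The script below is an added example, not part of this report or of the sandbox's own detection logic: it runs two checks over constructed, Sysmon-style JSON event lines (the paths, PIDs, the dropped file name upd.exe and the benign 203.0.113.10 connection are all made up for illustration; only the SHA256 and the C2 address are taken from the report). The first check reproduces the "Process spawned unexpected child process" signature as an Office-parent rule with a small allowlist; the second matches the report's IOCs against image-load hashes and outbound connections.

```python
"""Re-check the report's behaviours against constructed endpoint events.

Added example (not the sandbox's code). Event lines, paths and PIDs below are
constructed; the SHA256 and C2 IP are the ones stated in the report.
"""
import json
import ntpath

# IOCs copied from the report above.
SAMPLE_SHA256 = "448e4cbdfc4374985301a5f58b44495cbc7a9ce1457b0e290903534ea31c5aa4"
C2_HOST = "102.130.113.39"

# Office hosts that should not normally launch new executables, and an
# illustrative allowlist (assumption: tune both sets for your environment).
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
BENIGN_CHILDREN = {"splwow64.exe"}

# Constructed Sysmon-style events, one JSON object per line:
#   id 1 = process create, id 3 = network connect, id 7 = image load.
# The XLL is a DLL loaded into EXCEL.EXE, so it shows up as an image load,
# not as a process. upd.exe and 203.0.113.10 are placeholders.
SAMPLE_EVENTS = r"""
{"id": 1, "pid": 4120, "ppid": 1312, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "parent_image": "C:\\Windows\\explorer.exe"}
{"id": 7, "pid": 4120, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "image_loaded": "C:\\Users\\victim\\Downloads\\BankStatement-1675176567.xll", "sha256": "448e4cbdfc4374985301a5f58b44495cbc7a9ce1457b0e290903534ea31c5aa4"}
{"id": 1, "pid": 5204, "ppid": 4120, "image": "C:\\Users\\victim\\AppData\\Local\\Temp\\upd.exe", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"}
{"id": 3, "pid": 5204, "image": "C:\\Users\\victim\\AppData\\Local\\Temp\\upd.exe", "dest_ip": "102.130.113.39", "dest_port": 80}
{"id": 1, "pid": 6010, "ppid": 2200, "image": "C:\\Windows\\splwow64.exe", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}
{"id": 3, "pid": 3300, "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "dest_ip": "203.0.113.10", "dest_port": 443}
"""


def basename(path):
    """Lower-cased file name of a Windows path (ntpath handles backslashes on any OS)."""
    return ntpath.basename(path).lower()


def parse_events(text):
    """Parse JSON-lines telemetry into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def unexpected_office_children(events):
    """'Process spawned unexpected child process': an Office host is the parent
    of a process that is not on the benign allowlist. Returns (parent, child_path)."""
    hits = []
    for ev in events:
        if ev.get("id") != 1:
            continue
        parent = basename(ev.get("parent_image", ""))
        child = basename(ev["image"])
        if parent in OFFICE_PARENTS and child not in BENIGN_CHILDREN:
            hits.append((parent, ev["image"]))
    return hits


def ioc_matches(events):
    """Match the report's IOCs: the XLL hash on image loads (id 7) and the
    extracted C2 address on outbound connections (id 3)."""
    hits = []
    for ev in events:
        if ev.get("id") == 7 and ev.get("sha256", "").lower() == SAMPLE_SHA256:
            hits.append(("sha256", ev["image_loaded"]))
        if ev.get("id") == 3 and ev.get("dest_ip") == C2_HOST:
            hits.append(("c2", f'{ev["image"]} -> {ev["dest_ip"]}:{ev["dest_port"]}'))
    return hits


def triage(text=SAMPLE_EVENTS):
    """Run both checks and return the findings keyed by check name."""
    events = parse_events(text)
    return {
        "unexpected_children": unexpected_office_children(events),
        "ioc_matches": ioc_matches(events),
    }


if __name__ == "__main__":
    for kind, findings in triage().items():
        print(kind)
        for finding in findings:
            print("   ", finding)
```

On the constructed input the parent/child rule fires once (EXCEL.EXE launching the dropped executable from %TEMP%) while WINWORD.EXE launching the allowlisted print helper is ignored, and the IOC pass returns the XLL load and the connection to the C2; the unrelated HTTPS connection from the browser produces nothing. Hash matching only catches this exact file, which is why the behavioural rule is the one worth keeping in production.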

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks