General

  • Target

    LightShot.exe

  • Size

    658.8MB

  • Sample

    230131-s2mc2aag6y

  • MD5

    7498c0158ad765149200b1222d5ec8c6

  • SHA1

    8d5471e0bf67ff79ce0950cc96a96fb5eed9baa1

  • SHA256

    8cc6779bf19be7bd3dd77c0dac407b99efcab5c288f213037ae0983f369c99d8

  • SHA512

    cb3559671a9a9e870cf1a38f2202bc4209b40e342520d3fc2acdcb1d0493b47840276bc69f7b4be54f0c4e8ea90a472c3f75b81f45db7a9f122c162c12b5c0d5

  • SSDEEP

    12288:1p/5R0g6QwlJRGLAIBcosKn7SE1chc3wZbM2XhGcmOZMDomIoH3LdrscwZ6VHZY+:1x6n7RGhBcosKn7Z1wXV1q

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    ff85621b9b7e77782fcfd9e75aa2a3e1

  • C2

    http://80.85.139.245/

  • rc4.plain

Targets

    • Target

      LightShot.exe

    • Size

      658.8MB

    • MD5

      7498c0158ad765149200b1222d5ec8c6

    • SHA1

      8d5471e0bf67ff79ce0950cc96a96fb5eed9baa1

    • SHA256

      8cc6779bf19be7bd3dd77c0dac407b99efcab5c288f213037ae0983f369c99d8

    • SHA512

      cb3559671a9a9e870cf1a38f2202bc4209b40e342520d3fc2acdcb1d0493b47840276bc69f7b4be54f0c4e8ea90a472c3f75b81f45db7a9f122c162c12b5c0d5

    • SSDEEP

      12288:1p/5R0g6QwlJRGLAIBcosKn7SE1chc3wZbM2XhGcmOZMDomIoH3LdrscwZ6VHZY+:1x6n7RGhBcosKn7Z1wXV1q

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Blocklisted process makes network request

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks