General

  • Target

    chatgpt.exe

  • Size

    524KB

  • Sample

    230201-hm2t3aeb3x

  • MD5

    cb82f71d474860c5d6c98946ae220614

  • SHA1

    325eb103af33b126a5d1fea6f63b1b811022f20c

  • SHA256

    e8b1cc1db36f6dd29c489bbc3e644b5596d034403d0d5ba50bb3fbc7799742bc

  • SHA512

    0db6d49315653e1a83908f5de32abd109dbc8373c743282e48781102aa19c92cd7847c3efbb867ae5c302714504761bdc2103c3e3fc9690321557feafa4cd7dd

  • SSDEEP

    6144:LYb3Yp1p/5R04X65ml66joPiMtTHt2erzXwixmkGLAIBch6dB7FWKkAl7zGihJYj:7p/5R0g6QwlJRGLAIBcosKn7S

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    ff85621b9b7e77782fcfd9e75aa2a3e1

  • C2

    http://80.85.139.245/

  • rc4.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files: T1081 (1)

  • Collection

    Data from Local System: T1005 (1)

Tasks