Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

chatgpt.exe
Size

524KB
Sample

230201-hm2t3aeb3x
MD5

cb82f71d474860c5d6c98946ae220614
SHA1

325eb103af33b126a5d1fea6f63b1b811022f20c
SHA256

e8b1cc1db36f6dd29c489bbc3e644b5596d034403d0d5ba50bb3fbc7799742bc
SHA512

0db6d49315653e1a83908f5de32abd109dbc8373c743282e48781102aa19c92cd7847c3efbb867ae5c302714504761bdc2103c3e3fc9690321557feafa4cd7dd
SSDEEP

6144:LYb3Yp1p/5R04X65ml66joPiMtTHt2erzXwixmkGLAIBch6dB7FWKkAl7zGihJYj:7p/5R0g6QwlJRGLAIBcosKn7S

Score

10^/10

raccoon ff85621b9b7e77782fcfd9e75aa2a3e1 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

ff85621b9b7e77782fcfd9e75aa2a3e1

C2

http://80.85.139.245/

rc4.plain

Targets

- Target
  
  chatgpt.exe
- Size
  
  524KB
- MD5
  
  cb82f71d474860c5d6c98946ae220614
- SHA1
  
  325eb103af33b126a5d1fea6f63b1b811022f20c
- SHA256
  
  e8b1cc1db36f6dd29c489bbc3e644b5596d034403d0d5ba50bb3fbc7799742bc
- SHA512
  
  0db6d49315653e1a83908f5de32abd109dbc8373c743282e48781102aa19c92cd7847c3efbb867ae5c302714504761bdc2103c3e3fc9690321557feafa4cd7dd
- SSDEEP
  
  6144:LYb3Yp1p/5R04X65ml66joPiMtTHt2erzXwixmkGLAIBch6dB7FWKkAl7zGihJYj:7p/5R0g6QwlJRGLAIBcosKn7S
Score

10^/10

raccoon ff85621b9b7e77782fcfd9e75aa2a3e1 spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

behavioral2

raccoonff85621b9b7e77782fcfd9e75aa2a3e1spywarestealer