General

  • Target

    Notepad_v8.4.1.zip

  • Size

    10MB

  • Sample

    230201-zrghcscb66

  • MD5

    0293796c09ab75efc79907bd86e16d4e

  • SHA1

    7a2168b69c3715c1517959131c6868c76cd2c479

  • SHA256

    09f70fa04cfe8be4dcd2ac58f8c3a8a469f6c70fdf7e236d05cbc9c8c7d40391

  • SHA512

    84a11ac90278cc47c62b6660a264f9d619f49467c3d7d6eb7f98c1a5548409b32845a1a9dd250180f3e6f82e3f9b6eb2ee20bc8fb09499ce40492162683d7d2a

  • SSDEEP

    196608:9ZcHZcEittnpL3qxnSb459dnm5hBdDnPkMB267tybcwkhHOabDzqFIdeFt9Vq:9ZQZGL3RbITQhBdbE6p3wkhHOabDkTXq

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    6471658e2f49c08476aafe55fb7366b0

  • C2

    http://91.234.254.143/

  • rc4.plain

Targets

    • Target

      Notepp_v8.4.1.exe

    • Size

      726MB

    • MD5

      b965849f9cb7a5682f7360e2e11e18a7

    • SHA1

      701c9f5c440ba3d66ed2cb811fdf0d70bbb3c752

    • SHA256

      4550a980c9d26b4d8bca56554cf8306035a2f11f008eafe441443eb917f38234

    • SHA512

      fa0c506896aa63aef8b2d0092d5ee8bdbaf28f2fa8f01231bcbe98d11b75216583932dcd0761489e499fefe79d4acbe347197f63fb8bc96c922986f5620fb3f3

    • SSDEEP

      98304:1ebHh5VT5R7wi9co9645B6zQji648PJQ/2uypUJM2SBBbQc0s01aNG6mXh23ViV/:UbHh5h5Fb9cOX6GPJe5yCOnXNhmx2S/

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019. The extracted config above (botnet id and C2 URL) is what identifies this sample as Raccoon.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      The sample calls NtSetInformationThread with ThreadInformationClass set to ThreadHideFromDebugger (0x11), which stops the calling thread from delivering debug events to an attached debugger. This is an anti-analysis technique with no legitimate purpose in an editor installer.
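The two behaviours flagged above, the ThreadHideFromDebugger anti-debug call and contact with the extracted C2, are what a detection engineer would turn into rules over a sandbox API trace. The Python below is an added example, not part of this report and not any sandbox's own signature code: it parses a simplified, constructed API-trace line format, flags NtSetInformationThread called with ThreadInformationClass 0x11 (ThreadHideFromDebugger), and matches the C2 host and botnet id from the extracted config. The trace format, the pid, the handle values and the POST body are assumptions constructed for illustration; only the constant 0x11, the C2 URL and the botnet id come from known facts and the report.

```python
"""Detection logic over a constructed sandbox API trace.

Added example (not from the report). Flags the ThreadHideFromDebugger
anti-debug call and contact with the Raccoon C2 / botnet id listed above.
"""
import re
from urllib.parse import urlparse

# THREADINFOCLASS value for ThreadHideFromDebugger (ntddk / winternl).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Indicators copied from the extracted config in the report.
C2_URLS = {"http://91.234.254.143/"}
C2_HOSTS = {urlparse(u).hostname for u in C2_URLS}
BOTNET_ID = "6471658e2f49c08476aafe55fb7366b0"

# Constructed trace format (assumption): "<pid> <api>(<k=v>, ...) = <ret>".
API_LINE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>\S+)$")
ARG_PAIR = re.compile(r'(\w+)=("[^"]*"|[^,]+)')

# Constructed sample trace; pid, handles and POST body are made up.
SAMPLE_TRACE = """\
4120 NtQueryInformationProcess(ProcessHandle=0xffffffff, ProcessInformationClass=0x0) = 0x0
4120 NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0) = 0x0
4120 NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x2, ThreadInformation=0x12f0a0, ThreadInformationLength=4) = 0x0
4120 InternetOpenUrlA(hInternet=0xcc0004, lpszUrl="http://91.234.254.143/", dwFlags=0x80000000) = 0xcc0008
4120 HttpSendRequestA(hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", lpOptional="machineId=a1b2c3d4|user&configId=6471658e2f49c08476aafe55fb7366b0") = 1
"""


def parse_line(line):
    """Parse one trace line into {pid, api, args, ret}; None if malformed."""
    m = API_LINE.match(line)
    if not m:
        return None
    args = {k: v.strip('"') for k, v in ARG_PAIR.findall(m["args"])}
    return {"pid": int(m["pid"]), "api": m["api"], "args": args, "ret": m["ret"]}


def hides_from_debugger(event):
    """True if the event is NtSetInformationThread(..., ThreadHideFromDebugger)."""
    if event["api"] != "NtSetInformationThread":
        return False
    cls = event["args"].get("ThreadInformationClass", "")
    try:
        return int(cls, 0) == THREAD_HIDE_FROM_DEBUGGER  # accepts 0x11 or 17
    except ValueError:
        return False


def c2_host(event):
    """Return the known C2 host an event's URL argument points at, else None."""
    for value in event["args"].values():
        if value.startswith(("http://", "https://")):
            host = urlparse(value).hostname
            if host in C2_HOSTS:
                return host
    return None


def carries_botnet_id(event):
    """True if any argument embeds the extracted botnet id."""
    return any(BOTNET_ID in v for v in event["args"].values())


def scan_trace(trace):
    """Return a list of (finding, pid) tuples in trace order."""
    findings = []
    for line in trace.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if hides_from_debugger(ev):
            findings.append(("anti_debug:ThreadHideFromDebugger", ev["pid"]))
        host = c2_host(ev)
        if host:
            findings.append(("c2_contact:" + host, ev["pid"]))
        if carries_botnet_id(ev):
            findings.append(("raccoon_botnet_id", ev["pid"]))
    return findings


if __name__ == "__main__":
    for finding, pid in scan_trace(SAMPLE_TRACE):
        print(f"pid {pid}: {finding}")
```

The ThreadInformationClass check parses the value with base 0 so a trace that prints 17 decimal and one that prints 0x11 both match; the other NtSetInformationThread call in the sample (class 0x2, ThreadPriority) is correctly ignored. Matching the C2 by hostname rather than the full URL catches beacons to any path on the same server.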

MITRE ATT&CK Matrix

Tasks