General

  • Target

    Setup.7z

  • Size

    6.4MB

  • Sample

    230202-g4xe8shb6w

  • MD5

    2e5cdf478e113a6ca6a5f71d4ecabfa1

  • SHA1

    a190a3d3d059f733f800bf1a43b94ef8c140a199

  • SHA256

    0ab1e0e461397dbcef2da057f0be7e77faa25a98404787048df615efcac2eadf

  • SHA512

    524002bd976c7e668dc8a59237a87ccbf3d58eee324ede5894bc7196a0a4907ee632bde7d7a619ae292459065d8b59652033be0f8dd1458417c43486ecaf8354

  • SSDEEP

    196608:z0AQGi9o59BzrUSOrKmTv5pw0CGPTrKVWIM6:QGKYrUSO320CG7OVWE

Malware Config

Extracted

Family

raccoon

Botnet

4e27b39e9aaa6403f36702b4d66f5024

C2

http://94.142.138.10/

http://94.142.138.9/

rc4.plain
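The extracted config above gives two C2 hosts, and the hash sections give the archive and the dropped executable, which together are the indicators to sweep an estate for. The following is an added example, not output of the sandbox or part of the report: it hunts for those indicators across a constructed proxy log and a constructed file-hash inventory. The log and inventory formats, the client addresses, and every host in the sample lines other than the two C2 addresses are assumptions.

```python
"""Sweep constructed proxy logs and a file-hash inventory for the IOCs in
the extracted config. Added example for this report, not sandbox output;
log lines, the inventory and their formats are constructed/assumed."""
from typing import Optional
from urllib.parse import urlsplit

# C2 URLs and SHA256 values as listed in the report.
C2_URLS = ["http://94.142.138.10/", "http://94.142.138.9/"]
KNOWN_SHA256 = {
    "0ab1e0e461397dbcef2da057f0be7e77faa25a98404787048df615efcac2eadf": "Setup.7z",
    "5dfabc04464a9083204c71e58dc742bcdc8eeac11db3aad1352ef244fdd9985b": "Setup.exe",
}
# Match on host, not the full URL: the request path of a C2 beacon is not
# fixed, and CONNECT tunnels carry only host:port.
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}

# Constructed access-log lines; assumed format: epoch client method target.
PROXY_LOG = """\
1675331200 10.0.0.15 GET http://update.example.com/latest HTTP/1.1
1675331205 10.0.0.15 POST http://94.142.138.10/ HTTP/1.1
1675331260 10.0.0.22 CONNECT 94.142.138.9:443 HTTP/1.1
1675331301 10.0.0.15 GET http://94.142.138.100/index.html HTTP/1.1
"""

# Constructed inventory export (sha256,path), as an EDR might produce.
HASH_INVENTORY = """\
sha256,path
5dfabc04464a9083204c71e58dc742bcdc8eeac11db3aad1352ef244fdd9985b,C:\\Users\\alice\\Downloads\\Setup\\Setup.exe
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,C:\\Users\\alice\\Downloads\\empty.txt
"""


def extract_host(target: str) -> Optional[str]:
    """Return the host of a URL or of a bare host:port (CONNECT target)."""
    if "://" not in target:
        target = "//" + target          # lets urlsplit treat it as a netloc
    return urlsplit(target).hostname


def find_c2_hits(log_text: str) -> list:
    """Return one record per log line whose destination host is a known C2."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue                    # malformed line: skip rather than crash
        ts, client, method, target = fields[:4]
        host = extract_host(target)
        if host in C2_HOSTS:            # exact host match, so 94.142.138.100 is not a hit
            hits.append({"ts": int(ts), "client": client, "method": method, "c2": host})
    return hits


def find_hash_hits(csv_text: str) -> list:
    """Return (label, path) for inventory rows whose SHA256 is a known sample."""
    hits = []
    for row in csv_text.splitlines()[1:]:   # skip header
        digest, path = row.split(",", 1)
        label = KNOWN_SHA256.get(digest.strip().lower())
        if label:
            hits.append((label, path))
    return hits


if __name__ == "__main__":
    for hit in find_c2_hits(PROXY_LOG):
        print("C2 contact:", hit)
    for label, path in find_hash_hits(HASH_INVENTORY):
        print(f"known sample {label} at {path}")
```

The host set is compared exactly rather than by substring, so a neighbouring address such as 94.142.138.100 does not produce a false hit, and CONNECT targets (host:port with no scheme) are normalised before the comparison so TLS tunnels to the same C2 are caught as well.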

Targets

    • Target

      Setup.exe

    • Size

      726.6MB (extracted from a 6.4MB archive; a compression ratio this extreme is consistent with the executable being mostly repetitive padding, a common trick for pushing a sample past the file-size limits of AV engines and sandboxes)

    • MD5

      ebd5cd599205900317217a63e56682f4

    • SHA1

      deb77205e3a6946f4ebcadc9a38722db1d714fdb

    • SHA256

      5dfabc04464a9083204c71e58dc742bcdc8eeac11db3aad1352ef244fdd9985b

    • SHA512

      7953dab7ec2731f8daf4f3d71fcabbc334f1a179c053df28c4b4365a0eb4ffcb01db95f9c8d378b86dd515644af58ba72a52f1e6910f12e25eeba71c98600a4e

    • SSDEEP

      196608:POLaJJiSb4tlUVHQf6bSU5EuklXBAuFitiB:POOJMXUVHQg7kjB

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile stores (saved logins, cookies, autofill and session data) so that the credentials can be exfiltrated and reused.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the Uninstall key entries under SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall in the registry (a routine action for installers and inventory agents, which is why this signature is only notable in combination with the others).

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from delivering debug events to an attached debugger. This is an anti-analysis technique, not something ordinary installers do.
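Taken one at a time, the behaviours above are common in benign software: browsers read their own profile stores, and installers and inventory agents read the Uninstall keys. What makes the sample stand out is one process doing all of them. The example below is added here and is not the sandbox's own signature logic; it triages a set of constructed endpoint events and flags a process only when it combines at least two of the behaviours. The event shape, the file paths, the process names and the threshold are assumptions (file reads need EDR telemetry, since Sysmon does not log them).

```python
"""Triage constructed endpoint events for the three host behaviours the
report flags: browser profile reads, wallet access and Uninstall-key
enumeration. Added example, not report output; the event shape, paths and
process names are assumed."""
import re
from collections import defaultdict
from typing import Optional

# Artifacts behind each signature; the specific paths are assumptions.
BROWSER_DATA = re.compile(r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$", re.I)
WALLET_DATA = re.compile(r"\\(wallet\.dat|Exodus|Electrum|Ethereum)(\\|$)", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
# Browsers read their own stores constantly; only other images are interesting.
BROWSER_OWNERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}

STEALER = r"C:\Users\alice\Downloads\Setup\Setup.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
MSIEXEC = r"C:\Windows\System32\msiexec.exe"

# Constructed events: (pid, image, type, target).
EVENTS = [
    (4120, STEALER, "FileAccess", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, STEALER, "FileAccess", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Web Data"),
    (4120, STEALER, "FileAccess", r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    (4120, STEALER, "RegistryQuery", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (4120, STEALER, "RegistryQuery", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"),
    (2210, CHROME, "FileAccess", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (3300, MSIEXEC, "RegistryQuery", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
]


def classify(pid, image, ev_type, target) -> Optional[str]:
    """Map one event to a behaviour category, or None if it is unremarkable."""
    exe = image.rsplit("\\", 1)[-1].lower()
    if ev_type == "RegistryQuery" and UNINSTALL_KEY.search(target):
        return "installed_software"
    if ev_type == "FileAccess":
        if BROWSER_DATA.search(target) and exe not in BROWSER_OWNERS:
            return "browser_data"
        if WALLET_DATA.search(target):
            return "wallet_data"
    return None


def triage(events, min_categories: int = 2) -> dict:
    """Return {(pid, image): categories} for processes that combine at least
    min_categories behaviours. One category alone is routine (installers read
    Uninstall keys, browsers read their own profiles); the combination is not."""
    seen = defaultdict(set)
    for pid, image, ev_type, target in events:
        category = classify(pid, image, ev_type, target)
        if category:
            seen[(pid, image)].add(category)
    return {key: cats for key, cats in seen.items() if len(cats) >= min_categories}


if __name__ == "__main__":
    for (pid, image), cats in triage(EVENTS).items():
        print(f"pid {pid} {image}: {', '.join(sorted(cats))}")
```

With the constructed events, only the Setup.exe process is reported: chrome.exe reading its own Login Data is suppressed by the owner allowlist, and msiexec.exe reading an Uninstall key is a single category and falls under the threshold.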

MITRE ATT&CK Matrix (ATT&CK v6)

Credential Access

Credentials in Files: T1081 (2 matching signatures)
(T1081 was retired in the ATT&CK v7 sub-technique restructuring; current ATT&CK files this behaviour under T1552.001, Unsecured Credentials: Credentials In Files.)

Discovery

Query Registry: T1012 (1 matching signature)

System Information Discovery: T1082 (1 matching signature)

Collection

Data from Local System: T1005 (2 matching signatures)

Tasks