Overview

overview

10

Static

static

Setup.exe

windows7-x64

1

Setup.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Setup.7z

  • Size

    6MB

  • Sample

    230202-g4xe8shb6w

  • MD5

    2e5cdf478e113a6ca6a5f71d4ecabfa1

  • SHA1

    a190a3d3d059f733f800bf1a43b94ef8c140a199

  • SHA256

    0ab1e0e461397dbcef2da057f0be7e77faa25a98404787048df615efcac2eadf

  • SHA512

    524002bd976c7e668dc8a59237a87ccbf3d58eee324ede5894bc7196a0a4907ee632bde7d7a619ae292459065d8b59652033be0f8dd1458417c43486ecaf8354

  • SSDEEP

    196608:z0AQGi9o59BzrUSOrKmTv5pw0CGPTrKVWIM6:QGKYrUSO320CG7OVWE

Score
10/10
raccoon4e27b39e9aaa6403f36702b4d66f5024discoveryspywarestealer

Malware Config

Extracted

Family

raccoon

Botnet

4e27b39e9aaa6403f36702b4d66f5024

C2

http://94.142.138.10/

http://94.142.138.9/

rc4.plain

Targets

    • Target

      Setup.exe

    • Size

      726MB

    • MD5

      ebd5cd599205900317217a63e56682f4

    • SHA1

      deb77205e3a6946f4ebcadc9a38722db1d714fdb

    • SHA256

      5dfabc04464a9083204c71e58dc742bcdc8eeac11db3aad1352ef244fdd9985b

    • SHA512

      7953dab7ec2731f8daf4f3d71fcabbc334f1a179c053df28c4b4365a0eb4ffcb01db95f9c8d378b86dd515644af58ba72a52f1e6910f12e25eeba71c98600a4e

    • SSDEEP

      196608:POLaJJiSb4tlUVHQf6bSU5EuklXBAuFitiB:POOJMXUVHQg7kjB

    Score
    10/10
    raccoon4e27b39e9aaa6403f36702b4d66f5024discoveryspywarestealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

    Credential Access

    Defense Evasion

      Discovery

      Execution

        Exfiltration

          Impact

            Initial Access

              Lateral Movement

                Persistence

                  Privilege Escalation

                    Tasks