General
-
Target
BankStatement-1675331125.xll
-
Size
74KB
-
Sample
230202-lscc5sff97
-
MD5
5c287794bace944ead0a08e983d01189
-
SHA1
96985e797089f12ce9d93f3c64014835ce93e427
-
SHA256
283e57e344d4c651c214a7d92c560129b99196c444df3afda07d3bd03c73d578
-
SHA512
e07791637149e4d11f72913b15e34b63b60aa0baa6613e69e209dde7d575cbed8ce564b4a4cae8ba5dd2b046274c45e7f532d50712f77e3bf32e9767eaa72a3d
-
SSDEEP
768:6yNyZbRL5TDs0sxOUKBbZU1h4UG93elR/APDKILoJh39McLDIVdT1iHBmY:MZbJ5k0XUKBbZU12U43elwSf/IWBmY
Static task
static1
Behavioral task
behavioral1
Sample
BankStatement-1675331125.xll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
BankStatement-1675331125.xll
Resource
win10v2004-20221111-en
Malware Config
Extracted
raccoon
470ed711dadd97d5f2669317d6d3ee7d
http://102.130.113.39
Targets
Target
BankStatement-1675331125.xll
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation