General

  • Target

    BankStatement-1675357103.xll

  • Size

    75KB

  • Sample

    230202-vx7vaagf2s

  • MD5

    3b4e9b099644a02a9f8e14041cfc985a

  • SHA1

    4eec7644f504459704e0af6d9d1795a6aba309e5

  • SHA256

    999fe8e715aa1c1cf5554c6848ecaa3d86b5bbd73bd116452a85ec5fa92a9d4a

  • SHA512

    272c46937b3ec4bc7290892c8f2840183ee1da9f9ed9123ffdae4c0884db5bfd66cb587b4233b9448a7e54e2dc7e212bc59bd92eedb3a4e6b1cae276a5e9b286

  • SSDEEP

    1536:HrWxe1H0XUKfwZeJ2Uf3CZxf7vrk6exBmY:yxeRuUKfwZ0pf3CZxj0Bb

Malware Config

  • Extracted

    Language: xlm4.0

    Source: Extracted

  • Family

    raccoon

  • Botnet

    470ed711dadd97d5f2669317d6d3ee7d

  • C2

    http://102.130.113.39

  • Attributes

    rc4.plain

Targets

    • Target

      BankStatement-1675357103.xll

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081), 1 hit

  • Discovery

    Query Registry (T1012), 2 hits

    System Information Discovery (T1082), 2 hits

  • Collection

    Data from Local System (T1005), 1 hit

Tasks