General
Target: BankStatement-1675357103.xll
Size: 75KB
Sample: 230202-vx7vaagf2s
MD5: 3b4e9b099644a02a9f8e14041cfc985a
SHA1: 4eec7644f504459704e0af6d9d1795a6aba309e5
SHA256: 999fe8e715aa1c1cf5554c6848ecaa3d86b5bbd73bd116452a85ec5fa92a9d4a
SHA512: 272c46937b3ec4bc7290892c8f2840183ee1da9f9ed9123ffdae4c0884db5bfd66cb587b4233b9448a7e54e2dc7e212bc59bd92eedb3a4e6b1cae276a5e9b286
SSDEEP: 1536:HrWxe1H0XUKfwZeJ2Uf3CZxf7vrk6exBmY:yxeRuUKfwZ0pf3CZxj0Bb
Static task: static1
Behavioral task: behavioral1
Sample: BankStatement-1675357103.xll
Resource: win10-20220901-en
Malware Config
Extracted
Family: raccoon
470ed711dadd97d5f2669317d6d3ee7d
C2: http://102.130.113.39
Targets
Target: BankStatement-1675357103.xll
Size: 75KB
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation