General

  • Target

    Ableton Live 11 Setup.exe

  • Size

    726MB

  • Sample

    230203-sy83mafh69

  • MD5

    319616d8d09508aa9c69650d6c23122d

  • SHA1

    c899d317ecb3a3f2f42a4b354aae309bb2b882a7

  • SHA256

    216d2e14d6fceb86fb8cfcf9dd44078754374865d4ec9178771bc0bb889e4a57

  • SHA512

    eb16d33d42d88de29df3429c9841a8f0365fd92ab02ed9b149c2f01e099d420dc109b3d4a74cb6f70702094386b8361793f62592b7ac6c04e10d3ea3fd1f58eb

  • SSDEEP

    196608:0KJZn0pjP4Hxrx8ABvYU446EezqRJSzZVgxY:RqURrx8O42ezqRJSdVf

Malware Config

Extracted

Family

raccoon

Botnet

e03a7d21cf6c27d1c1b42b2ef6c4d83f

C2

http://135.181.68.23/

rc4.plain

Targets

    • Target

      Ableton Live 11 Setup.exe

    • Size

      726MB

    • MD5

      319616d8d09508aa9c69650d6c23122d

    • SHA1

      c899d317ecb3a3f2f42a4b354aae309bb2b882a7

    • SHA256

      216d2e14d6fceb86fb8cfcf9dd44078754374865d4ec9178771bc0bb889e4a57

    • SHA512

      eb16d33d42d88de29df3429c9841a8f0365fd92ab02ed9b149c2f01e099d420dc109b3d4a74cb6f70702094386b8361793f62592b7ac6c04e10d3ea3fd1f58eb

    • SSDEEP

      196608:0KJZn0pjP4Hxrx8ABvYU446EezqRJSzZVgxY:RqURrx8O42ezqRJSdVf

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Collection

Data from Local System

2
T1005

Tasks