General

Target: Ableton Live 11 Setup.exe
Size: 726MB
Sample: 230203-sy83mafh69
MD5: 319616d8d09508aa9c69650d6c23122d
SHA1: c899d317ecb3a3f2f42a4b354aae309bb2b882a7
SHA256: 216d2e14d6fceb86fb8cfcf9dd44078754374865d4ec9178771bc0bb889e4a57
SHA512: eb16d33d42d88de29df3429c9841a8f0365fd92ab02ed9b149c2f01e099d420dc109b3d4a74cb6f70702094386b8361793f62592b7ac6c04e10d3ea3fd1f58eb
SSDEEP: 196608:0KJZn0pjP4Hxrx8ABvYU446EezqRJSzZVgxY:RqURrx8O42ezqRJSdVf
Static task: static1

Behavioral task: behavioral1
Sample: Ableton Live 11 Setup.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: Ableton Live 11 Setup.exe
Resource: win10v2004-20220901-en
Malware Config

Extracted: raccoon
e03a7d21cf6c27d1c1b42b2ef6c4d83f
http://135.181.68.23/
Targets

Target: Ableton Live 11 Setup.exe (size and hashes as listed under General)
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Matrix
Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation