General

  • Target

    Use_2023_As_Passw0rd.rar

  • Size

    2.3MB

  • Sample

    230203-tssn5abe8v

  • MD5

    ac167d0a42f9ee80900680003201344b

  • SHA1

    7b324840d36fe74a6e623572885615d1c8cfb90a

  • SHA256

    4606a624f66802726b3ab9bb2a7ede844fa62e601d387343c219611d7fb2374a

  • SHA512

    48b9c12c5d00ac6309273b61d280592a7b99bb3482e0adc175321edf0487ebfc6e08baf3752f4b9a9bce8e800d3aba90c54ff287f1df647453b675d0beb27ce8

  • SSDEEP

    49152:lLsfvP6tWOt569LadOo1gNjkpS5pNGPkwhd8qyF6KgC3r4U0ec8giqlpB:Va6tWw69KOVZkKKPbhd8qyt3CeFgiqnB

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    6039f7141434542f8fcbabcd7d82455d

  • C2

    http://83.217.11.27/

    http://83.217.11.28/

  • rc4.plain

Targets

    • Target

      Setup.exe

    • Size

      465.0MB

    • MD5

      5c9eaedea9f8d3471e2b941fe3c1f790

    • SHA1

      72e36c78cd8fd0ad6b98923943c76ff4db5926ce

    • SHA256

      a7f33cf659584cb8d25e12291a510e206059a4a66aaafc884eea413e5ea7ed67

    • SHA512

      a4c77155f7fc55e72da5005eb364680b892970f484e9228fb7f14064ddd9727ede778615b1c222ded20419699a47d1a83f39896ff829b227ec6784a80a9313d8

    • SSDEEP

      49152:yUj5BJeqOnjDmNlqKxOnjDmNlqO/UzbPZHOnjDmNlq/z92:L2UMvSk

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks