Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

Use_2023_As_Passw0rd.rar
Size

2MB
Sample

230203-tssn5abe8v
MD5

ac167d0a42f9ee80900680003201344b
SHA1

7b324840d36fe74a6e623572885615d1c8cfb90a
SHA256

4606a624f66802726b3ab9bb2a7ede844fa62e601d387343c219611d7fb2374a
SHA512

48b9c12c5d00ac6309273b61d280592a7b99bb3482e0adc175321edf0487ebfc6e08baf3752f4b9a9bce8e800d3aba90c54ff287f1df647453b675d0beb27ce8
SSDEEP

49152:lLsfvP6tWOt569LadOo1gNjkpS5pNGPkwhd8qyF6KgC3r4U0ec8giqlpB:Va6tWw69KOVZkKKPbhd8qyt3CeFgiqnB

Score

10^/10

raccoon 6039f7141434542f8fcbabcd7d82455d stealer

Malware Config

Extracted

Family

raccoon

Botnet

6039f7141434542f8fcbabcd7d82455d

C2

http://83.217.11.27/

http://83.217.11.28/

rc4.plain

Targets

- Target
  
  Setup.exe
- Size
  
  464MB
- MD5
  
  5c9eaedea9f8d3471e2b941fe3c1f790
- SHA1
  
  72e36c78cd8fd0ad6b98923943c76ff4db5926ce
- SHA256
  
  a7f33cf659584cb8d25e12291a510e206059a4a66aaafc884eea413e5ea7ed67
- SHA512
  
  a4c77155f7fc55e72da5005eb364680b892970f484e9228fb7f14064ddd9727ede778615b1c222ded20419699a47d1a83f39896ff829b227ec6784a80a9313d8
- SSDEEP
  
  49152:yUj5BJeqOnjDmNlqKxOnjDmNlqO/UzbPZHOnjDmNlq/z92:L2UMvSk
Score

10^/10

raccoon 6039f7141434542f8fcbabcd7d82455d stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

raccoon6039f7141434542f8fcbabcd7d82455dstealer

behavioral2

raccoon6039f7141434542f8fcbabcd7d82455dstealer