Resubmissions

09-02-2023 06:26

230209-g7kwlsfh89 10

General

  • Target

    Complete_Setup_Downloaded.zip

  • Size

    6.4MB

  • Sample

    230209-g7kwlsfh89

  • MD5

    165bffcb2236b7cac6fe68b80fd32d72

  • SHA1

    b74ea327c96e628b3a18c5598b43f18bdad4ee05

  • SHA256

    7947fd2dcbc253e8b473b613522a5780000d20169c1262281ea5b5563051fdfc

  • SHA512

    181971dbfd75f4978abf86dd15c9fdcc0f1a953afbfd94e46e5a9f6584a152b50e2a668a798f28b4ff9e79dc6846e97d7913274264454c65c4951abf794ade5b

  • SSDEEP

    98304:O8VyqABtr3P/priBJeFD2Kc9JSgKuSvMRSR43fyvkW6z4ju07l7HBYS:oFBd3PFiGl2PnSXuS3cfyN/juoNBp

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    599808851ef410d49f93180efd636851

  • C2

    http://94.131.3.70/

    http://83.217.11.11/

    http://83.217.11.13/

    http://83.217.11.14/

    http://45.15.156.222/

  • rc4.plain

Targets

    • Target

      Setup.exe

    • Size

      471.6MB

    • MD5

      7bedf8f8d9ba0b08c0e94ee702901c60

    • SHA1

      ddf9f0144414a25b54e22a25a745b9b382f6cb79

    • SHA256

      61a46d25f7a94e8d145570c95e2c6482728c7ddadc51102f453742282937851a

    • SHA512

      26169f8917f605c95fc6d127cda8af6114b938b4291b8d29896f304c01033b156a2a01256bc9561e410fb982164be5b9161870d1272d3f2260ee383e94359bde

    • SSDEEP

      98304:DAZ5L7t/p5iBFKJj2ia1JsEWQefQ3Et4lxQR+m8DYtM21etH:8Z97tLiK12BvstQeVsxQP3tMk8

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • T1497 Virtualization/Sandbox Evasion (1)

Discovery

  • T1012 Query Registry (3)

  • T1497 Virtualization/Sandbox Evasion (1)

  • T1082 System Information Discovery (3)

  • T1120 Peripheral Device Discovery (1)