General

  • Target

    JavaSetup8u241.exe

  • Size

    2.0MB

  • Sample

    230213-3khnmage4t

  • MD5

    a46363bd6e711efc4280f265ba4596e3

  • SHA1

    a1ec2cc60798528073adfef071310f2fbd33e818

  • SHA256

    18eca42a068207866c0e7945902ed8004322e2edb0c6037447ef8e99a16354ba

  • SHA512

    f98ab24897b40eb3594108859e6f807bb31c18c04d7df0a52e02f9ec639f656df0cd5a34e26d4cf2618f561b96478e6f50b7b8191f20102ebeca75832e1bd597

  • SSDEEP

    49152:wWdwkLOcssV3m4tKOV9moNQNJWwQT3xb7CwEztVxmUQF327eJJ:fHVHtK+skQNJWwiyz5mF

Malware Config

Targets

    • Target

      JavaSetup8u241.exe

    • Size

      2.0MB

    • MD5

      a46363bd6e711efc4280f265ba4596e3

    • SHA1

      a1ec2cc60798528073adfef071310f2fbd33e818

    • SHA256

      18eca42a068207866c0e7945902ed8004322e2edb0c6037447ef8e99a16354ba

    • SHA512

      f98ab24897b40eb3594108859e6f807bb31c18c04d7df0a52e02f9ec639f656df0cd5a34e26d4cf2618f561b96478e6f50b7b8191f20102ebeca75832e1bd597

    • SSDEEP

      49152:wWdwkLOcssV3m4tKOV9moNQNJWwQT3xb7CwEztVxmUQF327eJJ:fHVHtK+skQNJWwiyz5mF

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory
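The digests in the General/Targets block and the "UPX packed file" signature are the two things an analyst reproduces first when a suspect JavaSetup8u241.exe turns up elsewhere. The Python below is an added example, not code from the sandbox report or its signature engine: it checks a file's digests against the report's IOCs and applies the two cheap fingerprints a UPX signature is commonly built on (UPX0/UPX1 section names and the "UPX!" packer magic). The hash constants are copied from the report; the minimal PE skeleton used as input is constructed for the example, and the exact logic of the report's own "UPX/modified UPX" signature is assumed, not known.

```python
"""Offline triage helpers for the report above: verify that a file on disk is
the analysed sample, and apply the cheap UPX heuristics that a 'UPX packed
file' signature is typically built on. Added example; not code from the
sandbox report or its signature engine.
"""
import hashlib
import struct
import sys

# Digests copied from the report's General/Targets section.
REPORT_HASHES = {
    "md5": "a46363bd6e711efc4280f265ba4596e3",
    "sha1": "a1ec2cc60798528073adfef071310f2fbd33e818",
    "sha256": "18eca42a068207866c0e7945902ed8004322e2edb0c6037447ef8e99a16354ba",
    "sha512": "f98ab24897b40eb3594108859e6f807bb31c18c04d7df0a52e02f9ec639f656d"
              "f0cd5a34e26d4cf2618f561b96478e6f50b7b8191f20102ebeca75832e1bd597",
}

# Section names stock UPX writes; modified builds often rename them.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1", ".UPX2"}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists from one in-memory read."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: bool}. Any False means the file on disk is not the
    sample the report describes (or the IOC was mis-transcribed); treat the
    SHA-256/SHA-512 result as authoritative, MD5 and SHA-1 are collision-prone."""
    actual = hash_bytes(data)
    return {name: actual[name] == expected[name].lower() for name in expected}


def pe_section_names(data: bytes) -> list:
    """Parse just enough of a PE image to return its section names.
    Returns [] for anything that is not a well-formed PE (missing MZ/PE
    signatures, truncated headers)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER follows the PE signature
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size  # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes, name first
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX leaves two cheap fingerprints: UPX0/UPX1 section names and
    the 'UPX!' magic of its packer header. Either is enough to flag; a False
    only means 'not stock UPX', because modified UPX builds strip both."""
    if any(name in UPX_SECTION_NAMES for name in pe_section_names(data)):
        return True
    return b"UPX!" in data


def build_fake_pe(section_names) -> bytes:
    """Constructed test input: a minimal, non-runnable PE32 header skeleton
    with the requested section names (zeroed optional header and section
    bodies). Only the fields pe_section_names() reads are populated."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # size of a PE32 IMAGE_OPTIONAL_HEADER
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + sections


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    for algo, ok in matches_report(blob).items():
        print(f"{algo:6} {'MATCH' if ok else 'differs'}")
    print("sections:", pe_section_names(blob))
    print("stock UPX fingerprint:", looks_upx_packed(blob))
```

Run it as `python triage_check.py JavaSetup8u241.exe`. A SHA-256 mismatch ends the comparison: the file is a different build, not this sample, however similar the name. The SSDEEP value in the report is the tool for that "similar but not identical" case; it needs the external ssdeep library and is not reproduced here. A negative UPX result is weak evidence, since the report's signature explicitly covers modified UPX builds that rename sections and drop the magic.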

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                      ID      Count
  Persistence       Browser Extensions             T1176   1
  Defense Evasion   Modify Registry                T1112   3
                    Install Root Certificate       T1130   1
  Discovery         Query Registry                 T1012   2
                    Peripheral Device Discovery    T1120   1
                    System Information Discovery   T1082   3

Tasks