General

  • Target

    Setup.exe

  • Size

    6.6MB

  • Sample

    230221-dylvrsfc8s

  • MD5

    1aa4f37c461ca22fa518c032e67739df

  • SHA1

    892671ee0891a557f69d37a950e179fecb3c05ab

  • SHA256

    d034c82de08e2aabe9f27089610a46d42fa741cfcaedec06a016810c660b402c

  • SHA512

    fabecaaade6f73e2b5cf51f7f51044104f70da6f5f345dd225e72a2b2c5cb1649a7be9d642dee837638199eab9787bcbf1b6c271136f29b8a51820b4b1d3c560

  • SSDEEP

    196608:wy0w8mRdALuABSnzSdUbiEQt9nSXMojADLgO+xKl:yEMudzHOEQt0jsgOaKl

Malware Config

Extracted

Family

raccoon

Botnet

e8079d22e46847399691305c53f6386c

C2

http://83.217.11.34

http://83.217.11.35

rc4.plain

Targets

    • Target

      Setup.exe

    • Size

      6.6MB

    • MD5

      1aa4f37c461ca22fa518c032e67739df

    • SHA1

      892671ee0891a557f69d37a950e179fecb3c05ab

    • SHA256

      d034c82de08e2aabe9f27089610a46d42fa741cfcaedec06a016810c660b402c

    • SHA512

      fabecaaade6f73e2b5cf51f7f51044104f70da6f5f345dd225e72a2b2c5cb1649a7be9d642dee837638199eab9787bcbf1b6c271136f29b8a51820b4b1d3c560

    • SSDEEP

      196608:wy0w8mRdALuABSnzSdUbiEQt9nSXMojADLgO+xKl:yEMudzHOEQt0jsgOaKl

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

2
T1005

Tasks