Resubmissions

23-02-2023 09:07

230223-k3mfeshb8w 10

22-02-2023 13:48

230222-q4kacadf71 10

21-02-2023 11:15

230221-ncjhmaee87 10

21-02-2023 11:01

230221-m4tl8sgd6w 10

21-02-2023 09:02

230221-kzr7haga9w 10

20-02-2023 12:30

230220-ppg11aba52 10

General

  • Target

    file.exe

  • Size

    3.3MB

  • Sample

    230221-ncjhmaee87

  • MD5

    69df9998a42524225a5b25d2e8a5bd79

  • SHA1

    08d01a8d0a17b6d565eeb38e003a79cda4608ab2

  • SHA256

    1bf1a0cbe61b5693903760d0bff9c3cb53a7c43061437e367b19a77b55aaadfa

  • SHA512

    5b5760e2de414e6fe18df95553b5a1046a613b11252585e35667b804ff06ece7cc210a366509fbf9fb606dd8b5cddd4b613b8d7b70aef431c1241b3dc256d790

  • SSDEEP

    49152:9es+BvKs6POj/T3K2Umsv/kd2BEmgNVfDdv3n9RIZqpCatWuOnqdEb+RPz:ksOFVrTa2E/VEmgNVfDx3nTTrEbQPz

Malware Config

Extracted

  • Family: vidar
  • Version: 2.5
  • Botnet: 813
  • Attributes: profile_id = 813

Extracted

  • Family: raccoon
  • Botnet: 960d8047e2829c4b87de991d706e2490
  • C2: http://94.142.138.37/
  • rc4.plain

Targets

    • Target

      file.exe

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Install Root Certificate (T1130): 1
  • Modify Registry (T1112): 1

Credential Access

  • Credentials in Files (T1081): 3

Discovery

  • Query Registry (T1012): 3
  • System Information Discovery (T1082): 3

Collection

  • Data from Local System (T1005): 3

Tasks