General

  • Target

    File_For-PC_2023.exe

  • Size

    6.6MB

  • Sample

    230222-dlekxshf22

  • MD5

    bd15403d5df88d8cc43bebb99c693081

  • SHA1

    2bb14961a9f0bd6e1290f6d40f82e52e0787b76f

  • SHA256

    443d8b32c93c9464b200823b5f7fc6378a26971383e2619c19a0d9dd6ba0b7ba

  • SHA512

    73e2935f3668e15342f3b68ac1fd2d1c78b24377a45f733194e6c1f85060da59358a32e5bd59accaf6fa20d95c61221fc20376efdedc4ec2798447103f9a500e

  • SSDEEP

    196608:cujVzKGt5ZBddwEOa3uqvqFME6d1aZEHQ0cYYBxEG:c2PRdBTdE6d1UEw0cHBK

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    467a953db8cf896cec6946f6144f8158

  • C2

    http://5.75.182.199/

    http://77.91.84.68/

    http://80.85.241.20/

  • rc4.plain

Targets

    • Target

      File_For-PC_2023.exe

    • Size

      6.6MB

    • MD5

      bd15403d5df88d8cc43bebb99c693081

    • SHA1

      2bb14961a9f0bd6e1290f6d40f82e52e0787b76f

    • SHA256

      443d8b32c93c9464b200823b5f7fc6378a26971383e2619c19a0d9dd6ba0b7ba

    • SHA512

      73e2935f3668e15342f3b68ac1fd2d1c78b24377a45f733194e6c1f85060da59358a32e5bd59accaf6fa20d95c61221fc20376efdedc4ec2798447103f9a500e

    • SSDEEP

      196608:cujVzKGt5ZBddwEOa3uqvqFME6d1aZEHQ0cYYBxEG:c2PRdBTdE6d1UEw0cHBK

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

  • Collection

    Data from Local System (T1005): 2

  • Command and Control

    Web Service (T1102): 1

Tasks