General

  • Target: setuptorrent.exe
  • Size: 659KB
  • Sample: 230225-s1b6nsdd31
  • MD5: 75e0f3de613eb6ee9194115dc464966c
  • SHA1: d4fdea8d3b6370b74a8e3e5660db47f18fe423a1
  • SHA256: b84ee931e8db117173345b24f6e25b1fd45e4179d0dc0c4057c07396df614d21
  • SHA512: 26090c3c943b3a5a60303281117c66e64c7799839605cc9f713f1ff625163f3b7ff1e22d8d00392a355146f57e90574656e69d54a92c722bf9ba2b54af899f08
  • SSDEEP: 3072:PahKyd2n31qQ5DAoieXpw7vbKfShk8GMD2TKV435U9veML:PahOUoie5w7lf/9x

Malware Config

Extracted

  • Family: raccoon
  • Botnet: 8fb7b851641d456f39570978e99f780e
  • C2: http://45.15.156.239/
  • rc4.plain

Targets

  • Target: setuptorrent.exe
  • Size: 659KB
  • MD5: 75e0f3de613eb6ee9194115dc464966c
  • SHA1: d4fdea8d3b6370b74a8e3e5660db47f18fe423a1
  • SHA256: b84ee931e8db117173345b24f6e25b1fd45e4179d0dc0c4057c07396df614d21
  • SHA512: 26090c3c943b3a5a60303281117c66e64c7799839605cc9f713f1ff625163f3b7ff1e22d8d00392a355146f57e90574656e69d54a92c722bf9ba2b54af899f08
  • SSDEEP: 3072:PahKyd2n31qQ5DAoieXpw7vbKfShk8GMD2TKV435U9veML:PahOUoie5w7lf/9x

Signatures

  • Raccoon: Raccoon is an infostealer written in C++ and first seen in 2019.
  • Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.
  • Executes dropped EXE
  • Adds Run key to start application
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Registry Run Keys / Startup Folder (T1060): 1
  • Defense Evasion: Modify Registry (T1112): 1
  • Discovery: Query Registry (T1012): 1; System Information Discovery (T1082): 2

Tasks