General

  • Target

    43f13ec00b6df87637b5863be3ffe01fc85947a8918f567c1713dd8a4d6ba908.zip

  • Size

    4.4MB

  • Sample

    230321-r3686ade3v

  • MD5

    2cddfb1c85f0f71dc1c6b7881f51e736

  • SHA1

    67058270a7688a5bfd24291966c93f77c150a193

  • SHA256

    ec77d8e5e9ad405e74bc0780d1fd6b4070dfd155a0556ef3288ac493a1f28448

  • SHA512

    00b4f2f991337d29fdd23e580dbcb6407e2524c26c8cc89daf47b9a881cd2d5bae69fe5596d491de9a41103871551467bcfaf6f7bb5c3aae561ea122a84724aa

  • SSDEEP

    98304:svD85p47TRevNW0hxW1s5DcjTPJONcKnFLnLR41zsLwBS:svD85pEeFfh8GyFKpnlOMX

Malware Config

Extracted

Family

raccoon

Botnet

8fb7b851641d456f39570978e99f780e

C2

http://45.15.156.239/

rc4.plain

Targets

    • Target

      43f13ec00b6df87637b5863be3ffe01fc85947a8918f567c1713dd8a4d6ba908.exe

    • Size

      8.4MB

    • MD5

      dcbe1dec97959e20853fd760b6900c01

    • SHA1

      e8429524690350ca306badc5db81fa1e4c8becf1

    • SHA256

      43f13ec00b6df87637b5863be3ffe01fc85947a8918f567c1713dd8a4d6ba908

    • SHA512

      c27b6f7d2d15228dd7bf5ffb996b4e4c800758114fad653ea6107605b23d73184b78ef410eee422ea5668a431c949c913ae17ded5de2760f61b436336436b013

    • SSDEEP

      98304:AnEzmlSLRyvNFTeM9jgDubUynvFq5xS8Rr7pLfZNlT3/Msj:AES2Ryv/TU6bnvARr77/Msj

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks