General

  • Target

    CompleteSetup_Full_Version.rar

  • Size

    17.0MB

  • Sample

    230402-vv41lsah3z

  • MD5

    bc6cb023f23e6d53f2f059d424f4738f

  • SHA1

    898898c3325c384213d1d9c3daf75b0691bb7c02

  • SHA256

    357fa83576ea6b70d17a9a22c049065817b89edad52a7a4cdcb4d2e9e0f9a0e0

  • SHA512

    87790838ed68bd5c90f12a705a44bc9926a2be78c6511ac5a4ce4f27d51efc6a33e1fe9bf22f2a6089f40428ef236b231fa3d73d90d5dbdd7aee6db4d680aece

  • SSDEEP

    393216:xVPeIaw7r0sXdzF6ANGfx4NmD8xo4rKAf9d92aMkOJSfa8TfZ77MX:xVPe9w7r0str3Nc8WmZcaPODAfZ77y

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    23883deb102ef0839fbfe8fcef1a5fc7

  • C2

    http://37.220.87.68

    http://83.217.11.10

  • rc4.plain

Targets

    • Target

      CompleteSetup_Full_Version.rar

    • Size

      17.0MB

    • MD5

      bc6cb023f23e6d53f2f059d424f4738f

    • SHA1

      898898c3325c384213d1d9c3daf75b0691bb7c02

    • SHA256

      357fa83576ea6b70d17a9a22c049065817b89edad52a7a4cdcb4d2e9e0f9a0e0

    • SHA512

      87790838ed68bd5c90f12a705a44bc9926a2be78c6511ac5a4ce4f27d51efc6a33e1fe9bf22f2a6089f40428ef236b231fa3d73d90d5dbdd7aee6db4d680aece

    • SSDEEP

      393216:xVPeIaw7r0sXdzF6ANGfx4NmD8xo4rKAf9d92aMkOJSfa8TfZ77MX:xVPe9w7r0str3Nc8WmZcaPODAfZ77y

    • Score

      3/10

    • Target

      Full_PassWord.txt

    • Size

      1.1MB

    • MD5

      7fd66ca3b881ea3c12ba8463d1c5392f

    • SHA1

      5639c4f7895f9c20e1bf310b6554d0ef80bdb9bb

    • SHA256

      041a5d50e9a15622ba4d04b38f2474e3bd3df6a5035fb7d71efbc872bb8876bd

    • SHA512

      40bf14ca1452fa6afed86e26b245ffbf428781b61dd25d16bba503efd8d416c3aab5b0ee7cfbd0cc9df3b7461caeba0ff1196b260fe591e63984da85aeb27844

    • SSDEEP

      24:bZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZz:n

    • Score

      1/10

    • Target

      Newest_Setup_2023_As_PassKey.rar

    • Size

      17.0MB

    • MD5

      ea179d1c184f1e06ecdf6108d830e433

    • SHA1

      b37571ad67cb43ccc1636405c79038c2bd1a4278

    • SHA256

      00ff2c14c57fb9bfdf0a25f6c77195f3d8a61227388aca640586d00753a7acea

    • SHA512

      3f376e5b54fcc465dad677012a40bbeb75096698cadeba4966bf0fcc94330c9aae3d14d235c536b83590d0d9fadf2f22a74e7c50b3694e88b9c1168489945fd0

    • SSDEEP

      393216:tVPeIaw7r0sXdzF6ANGfx4NmD8xo4rKAf9d92aMkOJSfa8TfZ77M3:tVPe9w7r0str3Nc8WmZcaPODAfZ772

    • Score

      3/10

    • Target

      LicenseKey.txt

    • Size

      198KB

    • MD5

      7ecd140d52e88b065fcb7d16946b424c

    • SHA1

      1e6dec0e0bf63ba76202501d1eb9ee511ac0a59d

    • SHA256

      aeda454a0b1ade74b120e3261af6a5cee990fe95a5c4848c7dd6334841c335c3

    • SHA512

      dc93dc4e57a9f1a0d2cf88a4975dd99edae025baa669112d93aae0c3b2c31c1f0960fc4724f2cf9d36a1adb167d3116620de3308e9d55f886bf831dd5147904f

    • SSDEEP

      3:tW7pwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpwpww:k0

    • Score

      1/10

    • Target

      SetupFile.exe

    • Size

      1023.0MB

    • MD5

      3cd7c34bdce2201ec403163fa34bc67e

    • SHA1

      87f1dd22c67315d6a823b244d6fe72758273c45a

    • SHA256

      6d67096d24aef535924b065b49bc2f8b8dbe717d7e4ecae4e5daa45dcc2e193d

    • SHA512

      c6c78986eb86ad2793215b187829d8b760047344ac6dfc9d5e38cc84035f7c20cd3c92435cce4b81157f0e4d942fdd97bbe9417a5241312399502f0ab585ef8d

    • SSDEEP

      196608:NYzLzScvgh3AADZ7sMHEXBhb8Jrznl32LUTxqLrkSdNMjGYQcH7WTyCWxxPajesG:mjScvgh3A4dLHEx0rILKxC3+bGy96eyg

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive user data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks