General

  • Target

    PassKeys_2023_FullSetupP80.rar

  • Size

    15.4MB

  • Sample

    230510-16jrpscc7v

  • MD5

    ee401571b4202f1c57a7f91edf1e6625

  • SHA1

    92ef6edc839f7499c4a1c76d5d6e817c886b2d3e

  • SHA256

    a23c2badc47faa9302188bd98ede9e8179001e7988ee4f325547540bb19ee765

  • SHA512

    8bfae3864c381c717042bd92634bfdcccbe2215dd28bd9105341698347545ff6b0060cf08b81969ded93377e1e5444df6f1556de4444b03f740289cfd55788c7

  • SSDEEP

    393216:jNC+NGlcBPKNtr1jVo7Mv9KiN9fhKspxFQBv//:WGBiNtr1RtKinQFvH

Malware Config

Extracted

Family

raccoon

Botnet

13718a923845c0cdab8ce45c585b8d63

C2

http://94.142.138.135/

xor.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery (T1082): 1

Tasks