Resubmissions

13-05-2023 22:25    230513-2b6tesbg91    10

13-05-2023 22:23    230513-2aznqahe54    5

General

  • Target

    Full version 2.0.rar

  • Size

    33.4MB

  • Sample

    230513-2b6tesbg91

  • MD5

    d27309da2d9955e35ed8857c4e1c3811

  • SHA1

    c401881293f9f490a015a6abe5fa241f3b24bfd9

  • SHA256

    2361f90ff27aa1f3eda6031ab6aa2860bae6bceab468d6ff222d0f1e8bd6c5ab

  • SHA512

    d77871306ff7226234e9dc83156730705e8c0f733fe3262ca0b762b81af7981fea1639e893feb88ae407967d57c1b850951b11bc94f3aaa20bf7670d5a61c709

  • SSDEEP

    786432:hVBJyDMIzgBxGFgVbn0cgzZ1qas1SH3mBL4cW9XP5voU6+h8C:h3JyAbBxsgFn0cgzZ1XHN9hDh8C

Malware Config

Extracted

Family

raccoon

Botnet

f26f614d4c0bc2bcd6601785661fb5cf

C2

http://37.220.87.66/

http://45.9.74.99

xor.plain
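
Added example (Python), not part of the sandbox report or of any extractor: it takes the two C2 URLs listed above, normalises them to bare hosts and scans proxy log lines for contact with those hosts. The log format, the internal client addresses and the request paths are constructed for the example. Matching on host rather than on the literal URL string is deliberate: the stealer's request paths will differ from the `/` in the config, and traffic through a proxy may appear as a `CONNECT host:port` line with no URL at all.

```python
"""Match the C2 hosts from the extracted Raccoon config against proxy log lines.

Added example; not part of the sandbox report. Log lines below are constructed.
"""
import re
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the extracted config on this page.
C2_URLS = ["http://37.220.87.66/", "http://45.9.74.99"]

# Constructed sample proxy log (assumed layout: ts client method target status).
SAMPLE_PROXY_LOG = """\
1684016701.123 10.0.0.15 GET http://example.com/index.html 200
1684016702.456 10.0.0.15 POST http://37.220.87.66/ 200
1684016703.789 10.0.0.22 GET http://45.9.74.99/download 200
1684016704.012 10.0.0.22 GET http://45.9.74.990/ 404
1684016705.345 10.0.0.31 CONNECT 37.220.87.66:443 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<target>\S+)\s+(?P<status>\d+)$"
)


def c2_hosts(urls):
    """Reduce C2 URLs to a set of bare hosts (scheme, port and path dropped)."""
    hosts = set()
    for u in urls:
        parts = urlsplit(u if "://" in u else "http://" + u)
        hosts.add(parts.hostname)
    return hosts


def target_host(target):
    """Host part of either a full URL or a bare host:port CONNECT target."""
    if "://" in target:
        return urlsplit(target).hostname
    return urlsplit("//" + target).hostname


def find_c2_hits(log_text, urls=C2_URLS):
    """Return (client, host, method) for every log line whose host is a known C2.

    Lines that do not fit the assumed layout are skipped rather than raising,
    so a partially malformed log still yields the hits it does contain.
    """
    wanted = c2_hosts(urls)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        host = target_host(m["target"])
        if host in wanted:
            hits.append((m["client"], host, m["method"]))
    return hits


if __name__ == "__main__":
    for client, host, method in find_c2_hits(SAMPLE_PROXY_LOG):
        print(f"{client} {method} -> C2 {host}")
```

The `45.9.74.990` line is there to show that substring matching on the IP would false-positive; comparing whole host strings does not.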

Targets

    • Target

      Full version 2.0.rar

    • Size

      33.4MB

    • MD5

      d27309da2d9955e35ed8857c4e1c3811

    • SHA1

      c401881293f9f490a015a6abe5fa241f3b24bfd9

    • SHA256

      2361f90ff27aa1f3eda6031ab6aa2860bae6bceab468d6ff222d0f1e8bd6c5ab

    • SHA512

      d77871306ff7226234e9dc83156730705e8c0f733fe3262ca0b762b81af7981fea1639e893feb88ae407967d57c1b850951b11bc94f3aaa20bf7670d5a61c709

    • SSDEEP

      786432:hVBJyDMIzgBxGFgVbn0cgzZ1qas1SH3mBL4cW9XP5voU6+h8C:h3JyAbBxsgFn0cgzZ1XHN9hDh8C

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the calling thread's debug events from being delivered to an attached debugger. This is a common anti-debugging technique and has no legitimate use in an installer or document viewer.
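
Added example (Python), not the sandbox's own signature engine: it re-derives four of the behavioural signatures above (Run key persistence, COM server registration, Uninstall key enumeration, and the ThreadHideFromDebugger call) from an API-call trace. The trace format (one JSON record per line with `api` and `args`) and the records themselves are constructed for the example and are not a real export of this analysis; the registry paths and the 0x11 information class are the real values the signatures key on.

```python
"""Re-derive host-based sandbox signatures from an API-call trace.

Added example; not the sandbox's code. The trace records are constructed.
"""
import json

# THREADINFOCLASS value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry paths (lower-cased, without the hive) the signatures look for.
RUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
UNINSTALL_KEY = r"\software\microsoft\windows\currentversion\uninstall"
COM_SERVER_KEYS = ("inprocserver32", "localserver32")

# Constructed sample trace; the CLSID and value names are placeholders.
SAMPLE_TRACE = "\n".join(json.dumps(r) for r in [
    {"api": "NtSetInformationThread", "args": {"ThreadInformationClass": 17}},
    {"api": "RegSetValueExW", "args": {
        "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
        "value": "Updater"}},
    {"api": "RegOpenKeyExW", "args": {
        "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppOne"}},
    {"api": "RegOpenKeyExW", "args": {
        "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppTwo"}},
    {"api": "RegSetValueExW", "args": {
        "key": r"HKCU\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32",
        "value": ""}},
    # Benign: a different information class (ThreadBasicInformation) must not fire.
    {"api": "NtSetInformationThread", "args": {"ThreadInformationClass": 0}},
])


def parse_trace(text):
    """Parse one JSON record per line; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def evaluate_signatures(records):
    """Return {signature name: [evidence, ...]} for every signature that fired.

    Signature names are the ones used on this report page.
    """
    hits = {}

    def fire(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for rec in records:
        api = rec.get("api", "")
        args = rec.get("args", {}) or {}
        key = str(args.get("key", "")).lower()
        if (api == "NtSetInformationThread"
                and args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            fire("Suspicious use of NtSetInformationThreadHideFromDebugger", api)
        elif api.startswith("RegSetValueEx") and key.endswith(RUN_KEYS):
            fire("Adds Run key to start application", f"{key} -> {args.get('value')!r}")
        elif api.startswith("RegSetValueEx") and "\\clsid\\" in key and key.endswith(COM_SERVER_KEYS):
            fire("Registers COM server for autorun", key)
        elif api.startswith("RegOpenKeyEx") and UNINSTALL_KEY in key:
            fire("Checks installed software on the system", key)
    return hits


def run_sample():
    """Evaluate the constructed trace; convenience wrapper for the reader."""
    return evaluate_signatures(parse_trace(SAMPLE_TRACE))


if __name__ == "__main__":
    for name, evidence in run_sample().items():
        print(f"[{len(evidence)}] {name}")
        for e in evidence:
            print(f"      {e}")
```

The benign `ThreadInformationClass: 0` record shows why the check must compare the class value rather than flag every `NtSetInformationThread` call; setting priority or affinity goes through the same function.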

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

    T1060    Registry Run Keys / Startup Folder    (2)

Defense Evasion

    T1112    Modify Registry    (3)

Discovery

    T1012    Query Registry    (3)

    T1082    System Information Discovery    (2)

Tasks