General

  • Target

    file.exe

  • Size

    2.3MB

  • Sample

    230515-qq8qsafe97

  • MD5

    dfcd8af092a651342c318ecd8e1b896a

  • SHA1

    e62769eb2b5028591cdd90fdede21951cbee5f22

  • SHA256

    268cf23292607f43072b3b186e17e278ec7bd03055c3903a14f4a82b5b92d1a5

  • SHA512

    8252c7f37d56e39be822f1b55718dabfaa78b4ef24bdb5ee49de24b901c19fbb853221aa5b2fc2016118905cc793d945f6630bc480a7d9998faea1d93f409c21

  • SSDEEP

    24576:eM46r2Y7Yjc/snfvMLx2Quq0QOlAYpEgOlJoLlj1HpZDll3RuQ55313u:eM46+lAYpEgOlJoTll3A

Malware Config

Extracted

Family

raccoon

Botnet

94c54520400750937a6f1bf6044f8667

C2

http://194.37.80.221/

xor.plain

Targets

    • Target

      file.exe

    • Size

      2.3MB

    • MD5

      dfcd8af092a651342c318ecd8e1b896a

    • SHA1

      e62769eb2b5028591cdd90fdede21951cbee5f22

    • SHA256

      268cf23292607f43072b3b186e17e278ec7bd03055c3903a14f4a82b5b92d1a5

    • SHA512

      8252c7f37d56e39be822f1b55718dabfaa78b4ef24bdb5ee49de24b901c19fbb853221aa5b2fc2016118905cc793d945f6630bc480a7d9998faea1d93f409c21

    • SSDEEP

      24576:eM46r2Y7Yjc/snfvMLx2Quq0QOlAYpEgOlJoLlj1HpZDll3RuQ55313u:eM46+lAYpEgOlJoTll3A

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019. It is sold as a service, and each build carries a botnet/configuration id such as the one extracted above, which is why the Botnet value is as useful for clustering as the C2 address.

    • Uses the VBS compiler for execution (vbc.exe, the .NET Visual Basic compiler, is launched; a signed, always-present binary that is a common host for injected code)

    • Suspicious use of SetThreadContext (taken together with the compiler launch this is consistent with process hollowing: a process started suspended, its memory overwritten and its thread context redirected to the injected code)
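The indicators above (file hashes, C2 URL, botnet id, and the vbc.exe launch) are only useful once they are matched against something. The following script is an added example, not part of the original sandbox report: it copies the report's hashes and C2 into a small IOC bundle and runs three checks a responder would actually perform, hashing a file and requiring all four digests to agree, scanning proxy access logs for the C2 host, and flagging vbc.exe started by anything other than a build tool. The log lines, process events, and the EXPECTED_VBC_PARENTS list are constructed assumptions and need tuning per environment.

```python
"""IOC matching for the Raccoon sample in this report (added example).

Hashes, C2 URL and botnet id are copied from the report. The proxy log
lines and process-creation events below are constructed for illustration.
"""
import hashlib
from urllib.parse import urlparse

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "dfcd8af092a651342c318ecd8e1b896a",
    "sha1": "e62769eb2b5028591cdd90fdede21951cbee5f22",
    "sha256": "268cf23292607f43072b3b186e17e278ec7bd03055c3903a14f4a82b5b92d1a5",
    "sha512": "8252c7f37d56e39be822f1b55718dabfaa78b4ef24bdb5ee49de24b901c19fbb"
              "853221aa5b2fc2016118905cc793d945f6630bc480a7d9998faea1d93f409c21",
}
RACCOON_C2 = "http://194.37.80.221/"
RACCOON_BOTNET = "94c54520400750937a6f1bf6044f8667"
C2_HOST = urlparse(RACCOON_C2).hostname  # "194.37.80.221"


def hash_bytes(data):
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path):
    """Same digests for a file on disk, streamed in 1 MiB chunks."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_sample(path):
    """True only when every digest matches the report (no partial matches)."""
    return hash_file(path) == SAMPLE_HASHES


# Constructed Squid-style access log (not from the report): two clients
# reach the C2, one client fetches an unrelated site.
PROXY_LOG = """\
1684160000.123 45 10.0.0.5 TCP_MISS/200 512 POST http://194.37.80.221/ - HIER_DIRECT/194.37.80.221 text/plain
1684160001.456 12 10.0.0.7 TCP_MISS/200 2048 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1684160002.789 30 10.0.0.9 TCP_MISS/200 64 GET http://194.37.80.221/ - HIER_DIRECT/194.37.80.221 text/plain
"""


def scan_proxy_log(text):
    """Return (client_ip, method, url) for every request whose host is the C2.

    Matching on the parsed hostname rather than a substring avoids both
    false positives (e.g. 194.37.80.2210) and misses on different paths.
    """
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        client, method, url = fields[2], fields[5], fields[6]
        if urlparse(url).hostname == C2_HOST:
            hits.append((client, method, url))
    return hits


# Constructed Sysmon-like process creation events (not from the report).
PROCESS_EVENTS = [
    {"parent": r"C:\Users\victim\Downloads\file.exe",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    {"parent": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
]

# Assumption: parents that legitimately spawn vbc.exe; tune per environment.
EXPECTED_VBC_PARENTS = ("msbuild.exe", "devenv.exe", "csc.exe")


def suspicious_vbc_launches(events):
    """Return parent paths that spawned vbc.exe without being a build tool.

    This is the host-side view of the report's 'Uses the VBS compiler for
    execution' signature: a user-profile executable launching the compiler.
    """
    out = []
    for ev in events:
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        parent = ev["parent"].rsplit("\\", 1)[-1].lower()
        if image == "vbc.exe" and parent not in EXPECTED_VBC_PARENTS:
            out.append(ev["parent"])
    return out


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG):
        print("C2 contact:", hit)
    for parent in suspicious_vbc_launches(PROCESS_EVENTS):
        print("vbc.exe spawned by:", parent)
```

Requiring all four digests to match is deliberate: a partial match (say MD5 only) is more likely to be a transcription error in the IOC feed than a genuine sighting, and the full set costs nothing extra since the file is read once.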

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scripting (T1064), 1 matching signature

  • Defense Evasion: Scripting (T1064), 1 matching signature

The sandbox maps to ATT&CK v6, where Scripting appears under both tactics. T1064 was deprecated in later ATT&CK versions; when mapping this report to a current matrix use T1059 (Command and Scripting Interpreter) and T1027 (Obfuscated Files or Information) instead.

Tasks