General

  • Target: Pass_1234_Setup.rar
  • Size: 12.7MB
  • Sample: 230521-y9ynxscc62
  • MD5: d2bbda42aff1c2c60e7e069b253a6054
  • SHA1: 232d900184e86da2ba8dea5d9c0a0214d07281bc
  • SHA256: 9dfbd450c6a2ee41cc9c41fc7b14482ade86ae616e653f86b99c5364a3c8a29e
  • SHA512: a6a5956edde1dd83f385a5d2d1a7004a0c5fe85052401d377e455dc4ce6d052ddf6b20a8b73359ac3d8626c278791c220df0c19374239f144c3e1be04a60db1a
  • SSDEEP: 196608:EQBj1xPri7VOgSvAs/HxWx4jHP1nbzCSb8MChjkCcjrsUf7U5vJ7ANO2XBaF:EA1xriBZS5xWxQpbMhjBsrsUf7ARMOhF

Malware Config (Extracted)

  • Family: raccoon
  • Botnet: 050dad105856ba55897f2cb8fb7dd979
  • C2: http://94.142.138.174/
  • xor.plain

Targets

  • Target: Setup.exe
  • Size: 20.3MB
  • MD5: 4213964177b76ed3c80ae916846c52d1
  • SHA1: cbcef61bdcc3ba07bdb0c05c7560ddd2ede4218b
  • SHA256: 5dbfdda6d49989ea02876732fe870a0f8228790a1649af363c1892833339e922
  • SHA512: 15bfc090dff694ea9cff3b8c09cc2e18e9b35f069aba27b7bae95887a0f072106f7edebeba3a8fd483d1b118e54b16be3c2819032099b0c460fa64c191fa55fd
  • SSDEEP: 393216:SR97H7lH5xjn/MxCvBIxiCNmzhaAgtHzGp:S/7N5l0wvyxiCNegq

  Signatures

  • Raccoon: Raccoon is an infostealer written in C++ and first seen in 2019.
  • Suspicious use of NtSetInformationThreadHideFromDebugger
