Resubmissions

16-06-2023 12:03

230616-n8jhhaef3v 10

16-06-2023 11:37

230616-nrne5aeg67 10

15-06-2023 17:20

230615-vwxypaae5x 10

General

  • Target

    Set-up.exe

  • Size

    198.2MB

  • Sample

    230615-vwxypaae5x

  • MD5

    d4802f87e9520dd656714ba3c65add4b

  • SHA1

    0c9431436cc632293f856f11547dfdaeedd8e054

  • SHA256

    6c019eff0a348b52fe76a0a97e564c547cfed86ec01e197a458696563061054d

  • SHA512

    06da0c4017e71d9a1da55cd65423203b53f7e5da3930e34241b64d24be3e3866c39ed48dd10156654a9a45f70f83b12f02972945cf9501e9be30674bef158cfe

  • SSDEEP

    196608:hf1E7bL4wssAcHkklyu74Yb+RcPwYh937sMj98YQYL6dVHkXS1I1F+r5ywYWVBd4:h9Ez4wvZDv+2Zh9Nj953II1FG5yVAhS1

Malware Config

Extracted

Family

raccoon

Botnet

f1c3f7a3e12da19758239f0284e7dc2c

C2

http://37.220.87.66/

xor.plain

Targets

    • Target

      Set-up.exe

    • Size

      198.2MB

    • MD5

      d4802f87e9520dd656714ba3c65add4b

    • SHA1

      0c9431436cc632293f856f11547dfdaeedd8e054

    • SHA256

      6c019eff0a348b52fe76a0a97e564c547cfed86ec01e197a458696563061054d

    • SHA512

      06da0c4017e71d9a1da55cd65423203b53f7e5da3930e34241b64d24be3e3866c39ed48dd10156654a9a45f70f83b12f02972945cf9501e9be30674bef158cfe

    • SSDEEP

      196608:hf1E7bL4wssAcHkklyu74Yb+RcPwYh937sMj98YQYL6dVHkXS1I1F+r5ywYWVBd4:h9Ez4wvZDv+2Zh9Nj953II1FG5yVAhS1

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks