Overview

overview

10

Static

static

10

Setup.exe

windows10-1703-x64

10

Resubmissions

19-06-2023 07:18

230619-h41ckacc97 10

19-06-2023 07:06

230619-hw4p1sdd8w 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MDE_File_Sample_a58e7e79a6ae4cd98779c9cb8387acb0d15ab1fe.zip

  • Size

    4.4MB

  • Sample

    230619-h41ckacc97

  • MD5

    9622d03e272aee76114cc638f24fea73

  • SHA1

    7ab56e5f73a354fd98e7553b5d8034dbc96f2cf5

  • SHA256

    3a3844ddad30c77a4781a774d733818db7459e03c05d089315f60f6938ab8195

  • SHA512

    09d3084f67877267b117ce760fdd12f474ac9341d6a08ae82e64b5d07d372b601e69602894b3a2f58da2e88b18b735157656c52319b1f34cd0811b1f6c6d192b

  • SSDEEP

    98304:OR+eyWZBY1tqfc8Dyzj009r7VXp3/oRmElvnyF7aRbLAe4mjH/YPjU:OBBvrfryv0MXp3/oRvKF2dAGQPo

Score
10/10
raccoond4074b8c479181b90e810443a9405f3cevasionstealerthemidatrojan

Malware Config

Extracted

Family

raccoon

Botnet

d4074b8c479181b90e810443a9405f3c

C2

http://37.220.87.44/

http://94.131.3.70/

http://83.217.11.11/

http://83.217.11.13/

http://83.217.11.14/
xor.plain

Targets

    • Target

      Setup.exe

    • Size

      465.5MB

    • MD5

      ba1f367857d1efa868bb71681e1e1420

    • SHA1

      0d7917e7808a365ec09c6a848f6d20266114a662

    • SHA256

      bd8b12dcaec47b31028589aa295ab16c91278814affa1bd2664905957d472a13

    • SHA512

      dc48959bd3c465a09e6df275eedf910125da1222ff253ecebde94c4f7ab93f9bbce847c90cb7a339cad2697d0ab77b61b95af54713983dfc4f7566cc0ba34d88

    • SSDEEP

      49152:op6MmhLSOvvm9sgb3qq/BSGnYB7VKpKeM:oKhUrtpSGngVaM

    Score
    10/10
    raccoond4074b8c479181b90e810443a9405f3cevasionstealerthemidatrojan

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon Stealer payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks