General

  • Target: ha
  • Size: 1KB
  • Sample: 230627-mp2djadg54
  • MD5: 9f41534e4a1f4e7fbd22484ddf824d2d
  • SHA1: fdf313a1a173fc493b79c67233ef2b25d5bfa0ad
  • SHA256: ce91829688aad18f20291fd9d8eaceb96e7cfbba3b0cda28e3972cc346441e55
  • SHA512: 99b3a7be2d6202e1e8c77428e32c63dbf483057e51173788ee644b9c50f0d375382dacce140843744594693aaf4a0033106692239b728482cbe7d184a0fe4ae7

Malware Config

Targets

    • Raccoon
      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer payload

    • Downloads MZ/PE file

    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • VMProtect packed file
      Detects executables packed with the VMProtect commercial packer.

    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
