General

  • Target

    lwg67u9jwvf.exe

  • Size

    800KB

  • Sample

    230701-kd2ttahe2w

  • MD5

    972abf3179291dfac99397b5ae996365

  • SHA1

    8272904cb904a2c2103106023c039ee8515721e0

  • SHA256

    03e96c022c76316f6b1db47895edb89666072c1b7104b863a9d229ea74b2ef0a

  • SHA512

    c4d778f594de65974e53069a79660d7dc1073d2bceea76bcdf1b9037a5e9d6c5cf013b8b45723a255d9a288fb5edb17d110a8b5fef7818b44b1126135c409c74

  • SSDEEP

    12288:I8v8SqEnVG0PmTh+kAUsdKI7iuNpH7K/:cfh+kfG7Dq

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    ef0d247d8b1fe318a7366ceff90b173d

  • C2

    http://79.137.207.76:80/

  • xor.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks