General

  • Target

    74fe33decad5ebdb420b30df8a7b9f85.exe

  • Size

    231KB

  • Sample

    230713-sra71shb92

  • MD5

    74fe33decad5ebdb420b30df8a7b9f85

  • SHA1

    9bdc89934e300f8f9c913c16034a530e9b934a12

  • SHA256

    4b4e2cb90f19ec78d76ee50e62baf1d609efa74716f92cc1f42921716372553a

  • SHA512

    030b5b15b3eeb88125ea594572edc077369ba0e8d6cb1f3693412aa32d37bf2068984cffba12abd87ae1ea25db1e7f1762f1f21ccef6567ce258a07f2a4b5efc

  • SSDEEP

    6144:DecR+w6pFSvGpDbnD6suIhfQFTlPPpMsTOA:DhwweFzpH7Ns9t

Malware Config

Extracted

Family

raccoon

Botnet

3c85f6d12f0866626b35b64056ce8880

C2

http://5.78.98.26:8088/

xor.plain

Targets

    • Target

      74fe33decad5ebdb420b30df8a7b9f85.exe

    • Size

      231KB

    • MD5

      74fe33decad5ebdb420b30df8a7b9f85

    • SHA1

      9bdc89934e300f8f9c913c16034a530e9b934a12

    • SHA256

      4b4e2cb90f19ec78d76ee50e62baf1d609efa74716f92cc1f42921716372553a

    • SHA512

      030b5b15b3eeb88125ea594572edc077369ba0e8d6cb1f3693412aa32d37bf2068984cffba12abd87ae1ea25db1e7f1762f1f21ccef6567ce258a07f2a4b5efc

    • SSDEEP

      6144:DecR+w6pFSvGpDbnD6suIhfQFTlPPpMsTOA:DhwweFzpH7Ns9t

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks