General

  • Target

    Fxhdglrvft_JC.exe

  • Size

    816KB

  • Sample

    230901-tm77magb82

  • MD5

    0d4d3fd81be90e306cfbbd19410b4134

  • SHA1

    4c095ad2ac52fe9d4c74faa5b2e2e1c745d97d2e

  • SHA256

    f588278291a1b869c7e0e713ed198607c393600515acfd60137e29bfdbfd4e9b

  • SHA512

    ff8be8dabdd2ca5e07c65a6deb14ca96e5c44cf35977f221f58be91855d3e230c84b6dcec2dd5751eead0e4b05d08f9c8a7f42915591139d650c713dc5a34b4d

  • SSDEEP

    12288:/jaydQ/TxFdbV+wonPGWRVc1gYnFaKVzJ3wSR8n5XhdPPMw:/uydCdbkRVc1gYnF/JJ4XDXM

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    7f44ae0b7f2c0c657163637ea9cf5563

  • C2

    http://194.213.18.158:80

    http://144.217.220.122:80

  • xor.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks