General

  • Target

    MlсrоsоftЕdgеSеtup.appx

  • Size

    3.6MB

  • Sample

    231001-wxnl3sdh68

  • MD5

    de2456b94b4d4019ad591379205ebd6e

  • SHA1

    7f98a888fb52ed5627d7b374439ca14616f68d33

  • SHA256

    788567d3cc693dd5d0dada9f4e1421755c1d74257544ba12b502f085a620585e

  • SHA512

    abb726b87c0fc52159076fe7ee0a32d3667478cdb9959d206c9589e1e95210cfd7122268ac931c35aff43c6834d024ebfc597052aa3bcd936f6925a84aa2b540

  • SSDEEP

    98304:dfic5es3aimY7NhbJpcdYyeuASKnRcfw9X:dKc5emmYvdM5euASKnRcfo

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    5e2505d8647542f05843f89ae7cd18e7

  • C2

    http://5.75.241.110:80

  • xor.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks