General

  • Target

    NEAS.29e0fe854ed89d25625e9e7869341100.exe

  • Size

    1.4MB

  • Sample

    231026-gs66ased7w

  • MD5

    29e0fe854ed89d25625e9e7869341100

  • SHA1

    e45eb5271a2df56a2c84e6a485b2b2fb554a8a7b

  • SHA256

    a2c4f2145cc4a422a010f0b98ee516e7c3aa0d1020bec2a6c3c541dc3e937c4b

  • SHA512

    d1e0920cb5a5147344a44c1613cf4849f945e4f65d2ba06d469b3f6522686e50ec5154b343f6fd3edec90d5de96fc3bd53a3be381dc1715be9863bd3dcb4514a

  • SSDEEP

    24576:Z4VIxoeb7o4U+3CPFwFo6in10IB3vjmbhfhg1z:Z4VIxoeQOSWFdin2IVvjm/yz

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    5ff7bc68b712d0b2c95bc2d831e79eaf

  • C2

    http://45.15.156.141:80

  • Attributes

    • user_agent

      SunShineMoonLight

    • xor.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer payload

    • Downloads MZ/PE file

    • Drops startup file

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15