Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
Target: 7538ac9e7b96e8d73364bf0b6b9b6c32
Size: 19.1MB
Sample: 240125-w9ff8sdgdl
MD5: 7538ac9e7b96e8d73364bf0b6b9b6c32
SHA1: e55e30ad935594489424839e6025064bd8c13717
SHA256: bddd91f972e2fa78e6811aaf3629201dbec33f9b3f284d1d333b6e426539095d
SHA512: cd161929ed0d99037f9f7a1f75596e01c2b6bdfc72887aaf6ee09fa40b1819f5c69527a63730a3ef90eee3cd8462738164ffa2537d9042499433ece7a8a6ec22
SSDEEP: 393216:q+fzawW8ZprOBi/o3CfKFcR0vPhfzQJKBQl5Pdw9XgG+GHcC:nzBWErxo3CfKF3hfzuKBQP4wGHcC
Static task: static1
Behavioral task: behavioral1
Sample: 7538ac9e7b96e8d73364bf0b6b9b6c32.exe
Resource: win7-20231129-en
Malware Config
Extracted
Family: raccoon
Version: 1.7.3
0343d4da493d263f78921a8724ca6adf05347cfe
url4cnc: https://telete.in/jbitchsucks
Targets
Target: 7538ac9e7b96e8d73364bf0b6b9b6c32
- Raccoon Stealer V1 payload
- Downloads MZ/PE file
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Create or Modify System Process (1): Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- BITS Jobs (1)
- Impair Defenses (2): Disable or Modify System Firewall (1), Disable or Modify Tools (1)
- Modify Registry (2)
- Subvert Trust Controls (1): Install Root Certificate (1)