General

  • Target: 838ec5f6c016c8ab0dff3fd8a8ec3c0e
  • Size: 31.9MB
  • Sample: 240131-f34x9aeabn
  • MD5: 838ec5f6c016c8ab0dff3fd8a8ec3c0e
  • SHA1: 6375bc6c829d5b034a8c9b16e8a24ea58d88a02d
  • SHA256: 7130f3050718b8dc5bcf760bf129dc68da5285d058d59d27ae3f2c667c7a8809
  • SHA512: a8c132a01d64d3b8502657f987be2f535beb213b36b0a6d0e3aa713b21afca2f7e9c0ae8877e0cd6b886f09148fdc974c718128e949b03b6a379c47dd26ef9e0
  • SSDEEP: 786432:FSIU2l8aiTYe63KgsXHYcTUYkaZQb0jI9E4+5kNaX1ku4:FLl8awO6gKYctkjYJD5D1p4

Malware Config

Extracted

Family

raccoon

Botnet

4bef66f8138585a66c6d2f5396aaccdae864cd1e

Attributes
  • url4cnc

    https://telete.in/jbitchsucks

rc4.plain

Targets

    • Target: 838ec5f6c016c8ab0dff3fd8a8ec3c0e (size and hashes as listed under General)

    • Detect ZGRat V1

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V1 payload

    • UAC bypass

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks