General

  • Target

    149c52fc9f8e8eb35411eefa46eed4e1.exe

  • Size

    6.1MB

  • Sample

    240131-g1fy3sdbb6

  • MD5

    149c52fc9f8e8eb35411eefa46eed4e1

  • SHA1

    f00cacd474f09bbd9ea2b11213635fa310920b3a

  • SHA256

    9f40425e1c2ffbf71fa43966c0e1b006fe40a9d6c02f03165a7008d982cb54d0

  • SHA512

    163c90383d264c10ea2fab6df36369b713a0f8a4775a94f5a905e1d3cc2b8c2ac051407a1ef7f3b3f41a7e808c39b539171d4b0f33ea49159822cf059365cfd6

  • SSDEEP

    24576:XUz+4cv3r+ys6rm4xEJ2DU4yHcEUVFmCDjanwtTI:X/zv3r+y3EgVyHVCDjOwi

Malware Config

Extracted

Family

raccoon

Botnet

51aff6e9402ba30682487f3dfa017fcf

C2

http://195.20.16.155:80

Attributes
  • user_agent

    MrBidenNeverKnow

  • xor.plain
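As an added example that is not part of the sandbox report, the Python script below turns the extracted configuration and the file hashes above into a small triage check: it compares a file's digests with the reported MD5/SHA1/SHA256, and it scans web-proxy log lines for traffic to the C2 endpoint or carrying the build-specific User-Agent. The log line format and the log lines themselves are constructed for illustration; the `IOC` table is copied from this report.

```python
"""Triage helpers built from the Raccoon V2 indicators in this report (added example)."""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report above (hashes, extracted config).
IOC = {
    "md5": "149c52fc9f8e8eb35411eefa46eed4e1",
    "sha1": "f00cacd474f09bbd9ea2b11213635fa310920b3a",
    "sha256": "9f40425e1c2ffbf71fa43966c0e1b006fe40a9d6c02f03165a7008d982cb54d0",
    "c2": "http://195.20.16.155:80",
    "user_agent": "MrBidenNeverKnow",
    "botnet": "51aff6e9402ba30682487f3dfa017fcf",
}


def hash_file_bytes(data: bytes) -> dict:
    """Return MD5, SHA1 and SHA256 hex digests of a file's contents."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_known_sample(data: bytes) -> bool:
    """True if the bytes hash to the sample described in this report (any of the three digests)."""
    digests = hash_file_bytes(data)
    return any(digests[name] == IOC[name] for name in ("md5", "sha1", "sha256"))


def c2_host_port(url: str):
    """Split a URL into (host, port), defaulting the port from the scheme."""
    parsed = urlparse(url)
    return parsed.hostname, parsed.port or (443 if parsed.scheme == "https" else 80)


# Constructed, simplified proxy log format: <timestamp> <client> <method> <url> "<user-agent>"
LOG_RE = re.compile(r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "(?P<ua>[^"]*)"$')


def scan_proxy_log(lines):
    """Return (client, url, reasons) for every line touching the C2 or using the build's User-Agent."""
    c2_host, c2_port = c2_host_port(IOC["c2"])
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # unparseable line: skip rather than crash the scan
        host, port = c2_host_port(match["url"])
        reasons = []
        if host == c2_host and port == c2_port:
            reasons.append("c2")
        if match["ua"] == IOC["user_agent"]:
            reasons.append("user_agent")
        if reasons:
            hits.append((match["src"], match["url"], reasons))
    return hits


# Constructed sample log lines (not from the sandbox run).
SAMPLE_LOG = [
    '2024-01-31T07:01:12Z 10.0.0.23 POST http://195.20.16.155:80/ "MrBidenNeverKnow"',
    '2024-01-31T07:01:13Z 10.0.0.23 GET http://195.20.16.155:80/ "Mozilla/5.0"',
    '2024-01-31T07:02:00Z 10.0.0.41 GET https://example.com/ "MrBidenNeverKnow"',
    '2024-01-31T07:03:00Z 10.0.0.9 GET https://example.com/index.html "Mozilla/5.0"',
    "garbage line that does not match the format",
]

if __name__ == "__main__":
    for src, url, reasons in scan_proxy_log(SAMPLE_LOG):
        print(f"{src} -> {url}: {', '.join(reasons)}")
```

Two caveats when reusing these indicators: the file hashes identify only this exact build (a repacked Raccoon sample will not match), and both the C2 address and the User-Agent are operator-chosen per build, so treat a hit as strong evidence for this campaign but a miss as no evidence of absence.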

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V2 payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates the registry's Uninstall key entries (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to list the software present on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect a suspended thread into injected code (process hollowing and similar injection techniques).

MITRE ATT&CK Enterprise v15

Tasks