General

  • Target

    8d343f8c6d7d7d90275c903bc5a39714

  • Size

    1.4MB

  • Sample

    240203-ymbkwabddp

  • MD5

    8d343f8c6d7d7d90275c903bc5a39714

  • SHA1

    130590d70f7eb3ae248bcc1fbd237c8719205860

  • SHA256

    65a471e7b1376b3977ee1a322bc8dd818ea617851f2704f635a6df644bc42f84

  • SHA512

    ac31d37e0ab69e939cbaf45d4132bfdbffef11a0159fc597bb2cb9c58a1ab52b2e20deaf189f778e53b9b31899a03c81b5201aa591896b64ccdc633e366786cb

  • SSDEEP

    24576:y43iphi3OFSIFOtzGQaAyhSyaC31oSJnAZBWET8Awfo:TdeFhYLGhaC3JJnAzWETrw

Malware Config

Extracted

  • Family

    raccoon

  • Version

    1.7.3

  • Botnet

    63d550b5c5185e252a650ddb9bc95800dac04ff1

Attributes

  • url4cnc

    https://telete.in/h_manchik_1

  • rc4.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V1 payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks