Overview

overview

10

Static

static

3

4363463463...63.exe

windows10-2004-x64

10

Resubmissions

11-02-2024 08:10

240211-j212ragb47 10

11-02-2024 08:09

240211-j2kprseb2w 10

09-02-2024 18:28

240209-w4c4xsde9t 10

02-02-2024 12:52

240202-p4dxwsgfej 10

02-02-2024 12:45

240202-pzapnsgdbp 10

16-01-2024 15:29

240116-sw8dbaehh3 10

10-01-2024 14:41

240110-r2wq2ahchl 10

10-01-2024 13:29

240110-qrqatshbg3 10

22-12-2023 08:48

231222-kqp1sadghq 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4363463463464363463463463.bin.zip

  • Size

    4KB

  • Sample

    240211-j212ragb47

  • MD5

    4204f7bcb4ce002240de2af9fc5f4264

  • SHA1

    83fb5688b0cffa93b06719d0fc5b62f70af460c5

  • SHA256

    0c951f58a23cd2c9bdccb727d41e33e740344af36d91419907ce016977b2a62d

  • SHA512

    75a636889904293bb493957af9fecf5ad044ff44bb82c07b550473e6af45931ece7f2e72b53891a90c4045f8d816752414c560d2486f055824f069e6573bf103

  • SSDEEP

    96:fq6yIIHV+fWsPpulzlC8luqtW5idkvRmb/DLr2OtWtvJAsO13uhy5RKd9Wj:BIHV8WN5lu4iiTD/COtSvJAF1Gy5RKdC

Score
10/10
lgoogloaderraccoonafed87781b48070c555e77a16d871208downloaderevasionstealertrojan

Malware Config

Extracted

Family

raccoon

Botnet

afed87781b48070c555e77a16d871208

C2

http://185.16.39.253:80/

Attributes
  • user_agent

    MrBidenNeverKnow

xor.plain

Targets

    • Target

      4363463463464363463463463.bin

    • Size

      10KB

    • MD5

      2a94f3960c58c6e70826495f76d00b85

    • SHA1

      e2a1a5641295f5ebf01a37ac1c170ac0814bb71a

    • SHA256

      2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce

    • SHA512

      fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f

    • SSDEEP

      192:xlwayyHOXGc20L7BIW12n/ePSjiTlzkGu8stYcFwVc03KY:xlwwHe/20PKn/cLTlHuptYcFwVc03K

    Score
    10/10
    lgoogloaderraccoonafed87781b48070c555e77a16d871208downloaderevasionstealertrojan

    • Detects LgoogLoader payload

    • LgoogLoader

      A downloader capable of dropping and executing other malware families.

      downloaderlgoogloader

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon Stealer V2 payload

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Scheduled Task/Job

1
T1053

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

3
T1562

Disable or Modify Tools

3
T1562.001

Modify Registry

4
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks