lgoogloader | 0c951f58a23cd2c9bdccb727d41e33e740344af36d91419907ce016977b2a62d | Triage

Submit
Reports

Overview

overview

Static

static

3

4363463463...63.exe

windows10-2004-x64

Resubmissions

11-02-2024 08:10

240211-j212ragb47 10

11-02-2024 08:09

240211-j2kprseb2w 10

09-02-2024 18:28

240209-w4c4xsde9t 10

02-02-2024 12:52

240202-p4dxwsgfej 10

02-02-2024 12:45

240202-pzapnsgdbp 10

16-01-2024 15:29

240116-sw8dbaehh3 10

10-01-2024 14:41

240110-r2wq2ahchl 10

10-01-2024 13:29

240110-qrqatshbg3 10

22-12-2023 08:48

231222-kqp1sadghq 10

Sharing

General

Target

4363463463464363463463463.bin.zip
Size

4KB
Sample

240211-j212ragb47
MD5

4204f7bcb4ce002240de2af9fc5f4264
SHA1

83fb5688b0cffa93b06719d0fc5b62f70af460c5
SHA256

0c951f58a23cd2c9bdccb727d41e33e740344af36d91419907ce016977b2a62d
SHA512

75a636889904293bb493957af9fecf5ad044ff44bb82c07b550473e6af45931ece7f2e72b53891a90c4045f8d816752414c560d2486f055824f069e6573bf103
SSDEEP

96:fq6yIIHV+fWsPpulzlC8luqtW5idkvRmb/DLr2OtWtvJAsO13uhy5RKd9Wj:BIHV8WN5lu4iiTD/COtSvJAF1Gy5RKdC

Score

10^/10

lgoogloader raccoon afed87781b48070c555e77a16d871208 downloader evasion stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4363463463464363463463463.exe

Resource

win10v2004-20231222-en

lgoogloader raccoon afed87781b48070c555e77a16d871208 downloader evasion stealer trojan

windows10-2004-x64

27 signatures

1800 seconds

Malware Config

Extracted

Family

raccoon

Botnet

afed87781b48070c555e77a16d871208

C2

http://185.16.39.253:80/

Attributes

user_agent
MrBidenNeverKnow

xor.plain

Targets

- Target
  
  4363463463464363463463463.bin
- Size
  
  10KB
- MD5
  
  2a94f3960c58c6e70826495f76d00b85
- SHA1
  
  e2a1a5641295f5ebf01a37ac1c170ac0814bb71a
- SHA256
  
  2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce
- SHA512
  
  fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f
- SSDEEP
  
  192:xlwayyHOXGc20L7BIW12n/ePSjiTlzkGu8stYcFwVc03KY:xlwwHe/20PKn/cLTlHuptYcFwVc03K
Score

10^/10

lgoogloader raccoon afed87781b48070c555e77a16d871208 downloader evasion stealer trojan
- Detects LgoogLoader payload
- LgoogLoader
  A downloader capable of dropping and executing other malware families.
  downloader lgoogloader
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Scheduled Task/Job

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

lgoogloaderraccoonafed87781b48070c555e77a16d871208downloaderevasionstealertrojan

© 2018-2024

Terms | Privacy