Overview

overview

10

Static

static

10

af175128a8...bd.exe

windows7-x64

10

af175128a8...bd.exe

windows10-2004-x64

10

$TEMP/lib_...ef.dll

windows7-x64

10

$TEMP/lib_...ef.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    af175128a823db1274fc244d8f5a46bd

  • Size

    16.6MB

  • Sample

    240229-wa7fnsga3s

  • MD5

    af175128a823db1274fc244d8f5a46bd

  • SHA1

    9d67400fb5818a6c573c36eac8650458d7f1d07e

  • SHA256

    fc10619c7cb6b5de6ba8f58fd3ff889045ef77ea4cde4de7c5f313dbef1a7bc3

  • SHA512

    2fbd782242a4e57c2563cf4eb46d0bfca337839f126b93eca96a8c9a06377034336770c368da0c703ed2d7907f49d75b722dc688c461de1000e46c32368fe19f

  • SSDEEP

    393216:7Q4l1FoGr1o4X3LKq/LnF+aOeuKAxt9zpaz3y6Jqx5mDsLOVEi:7Q4l1Fo455LnVupJpa2ADsKVT

Score
10/10
blisterraccoon6f477b98912ea3958a37585999397f4fbda5dc46loaderstealervmprotect

Malware Config

Extracted

Family

raccoon

Version

1.7.3

Botnet

6f477b98912ea3958a37585999397f4fbda5dc46

Attributes
  • url4cnc

    https://telete.in/chelmedvedosvin1

rc4.plain
rc4.plain

Targets

    • Target

      af175128a823db1274fc244d8f5a46bd

    • Size

      16.6MB

    • MD5

      af175128a823db1274fc244d8f5a46bd

    • SHA1

      9d67400fb5818a6c573c36eac8650458d7f1d07e

    • SHA256

      fc10619c7cb6b5de6ba8f58fd3ff889045ef77ea4cde4de7c5f313dbef1a7bc3

    • SHA512

      2fbd782242a4e57c2563cf4eb46d0bfca337839f126b93eca96a8c9a06377034336770c368da0c703ed2d7907f49d75b722dc688c461de1000e46c32368fe19f

    • SSDEEP

      393216:7Q4l1FoGr1o4X3LKq/LnF+aOeuKAxt9zpaz3y6Jqx5mDsLOVEi:7Q4l1Fo455LnVupJpa2ADsKVT

    Score
    10/10
    blisterraccoon6f477b98912ea3958a37585999397f4fbda5dc46loaderstealervmprotect

    • BLISTER

      BLISTER is a downloader used to deliver other malware families.

      loaderblister

    • Detect Blister loader x32

      loader

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon Stealer V1 payload

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $TEMP/lib_npp/libcef.dll

    • Size

      29.8MB

    • MD5

      0e8f94415c1e7694cb6b88bbf17f9339

    • SHA1

      df8be7a1694144e1613300c9e60da321b49fdd79

    • SHA256

      c1e6d8d159d05d34b6d97ff8629c0a266dd7b7c0665f19a5defc33aaa307f5e2

    • SHA512

      9f09399507b41c50a9838c1a26debcc3a405cc8c2191bbb7ef6d8b52ce443e532ae90ddd03a1f6a0eb50b2e8cd6b42a542872e8d717353692f0ecd82fef1b7ff

    • SSDEEP

      786432:u7GbWhs7Bcgr7wOw/2jt+KOY5rr4/ITehQ57c/RO2Tp7XvQT5:NbWhs7Bcgr7wtKt+KOY5rr4/ITeyc/RK

    Score
    10/10
    blisterloadervmprotect

    • BLISTER

      BLISTER is a downloader used to deliver other malware families.

      loaderblister

    • Detect Blister loader x32

      loader

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks