General

  • Target

    2024-04-02_f9b49c98755c58c68618cb1e9985587f_magniber_revil

  • Size

    5.6MB

  • Sample

    240402-ayrjgabh94

  • MD5

    f9b49c98755c58c68618cb1e9985587f

  • SHA1

    561f73b4258a2b36547265cc47560ea96fe618e4

  • SHA256

    dc6439f061339d1addbce55511e88e41081ef6b36c9611e3939d9914bf211e61

  • SHA512

    be7e01506d3f0aa75872d0a6a2aa3bc10e2f09bbb5e6d880b29c41a48b40c294e146d374afaa4d52a96132f1c48be61db689a0a9e189c0c3f25a5bc96f2e8688

  • SSDEEP

    98304:kpKEJWqF/G2lP3ZWnaIyGbCy4uqJOBiT5A4V5wfa2o:fMWsplRWn/Cy40iTiB/o

Malware Config

Extracted

Family

raccoon

Botnet

4a9f651f0c883b5f75c545d430f6c021

C2

http://192.227.94.170:80

Attributes

  • user_agent

    MrBidenNeverKnow

xor.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V2 payload

    • Detects executables containing SQL queries to confidential data stores. Observed in infostealers.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks