General

  • Target: 21212990704.zip
  • Size: 14.0MB
  • Sample: 250207-zatrcsxndk
  • MD5: de5088a61567ec2260ed9f64529eab08
  • SHA1: b649105dfb7e9b1294e205439a7e4bb77845d1fc
  • SHA256: 9d1131eb127a57898c7fe2a66e2fe0533b5c15ce295d999548b2289cfcedf906
  • SHA512: 602f66b197ed35c6902708a012eb39d2e45584f3bb214f7c97a3dcc3f18b06f51213d166836714204dee7fc3120cc9234616bd9fcc7b8cf2b81bf4ded1184e52
  • SSDEEP: 196608:lBdJD5LlGvRNJWUKW8Vf5Fzqqb1VPPu7gk7ibe+6M7AoHBSLndum17leM27dbFIp:5JD5LlG5uUJ8hLz1zwUZA0cnblEnxZxm

Malware Config

Extracted

Family: raccoon

Botnet: 74792170e2ae861332d483b2cb2fedaf

C2:

http://37.220.87.93/

http://77.73.134.75/

http://83.217.11.38/

Attributes
  • user_agent: AYAYAYAY1337

xor.plain

Targets

    • Target: e609ca20cb8545f35487d65a164a40d3bcde12cf0928da55f21fd612d669df4e
    • Size: 14.3MB
    • MD5: 0ba11453f94df5f7f4e38c224c73fa49
    • SHA1: aa23a52cb2a93fa8ea7529374d4eb3cf32129e1a
    • SHA256: e609ca20cb8545f35487d65a164a40d3bcde12cf0928da55f21fd612d669df4e
    • SHA512: afb7670f5a227bbd38da0e569eca7cd73a8f5a225f4ee371f0661a34aa572646031a7a1f84bd5443a6b1369f0adaf650cb71cbc175708e47251ca9449151a010
    • SSDEEP: 393216:/EMXNewWmfWWx/4LPAUGKHukegLNyCmyzJg:/E0N3fWWxiPoKHukegLNyC

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V2 payload

    • Raccoon family

    • Downloads MZ/PE file

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks