Overview

overview

10

Static

static

3

F0nts/DL/Winzip.exe

windows7-x64

4

F0nts/DL/Winzip.exe

windows10-2004-x64

1

F0nts/Lang...ip.exe

windows7-x64

1

F0nts/Lang...ip.exe

windows10-2004-x64

1

F0nts/Nita/Winzip.exe

windows7-x64

1

F0nts/Nita/Winzip.exe

windows10-2004-x64

1

F0nts/Rupo/Winzip.exe

windows7-x64

1

F0nts/Rupo/Winzip.exe

windows10-2004-x64

1

F0nts/Tire/Winzip.exe

windows7-x64

1

F0nts/Tire/Winzip.exe

windows10-2004-x64

1

F0nts/erro...ip.exe

windows7-x64

1

F0nts/erro...ip.exe

windows10-2004-x64

1

LaNgz/Winzip.exe

windows7-x64

1

LaNgz/Winzip.exe

windows10-2004-x64

1

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Full_Setup_Downloaded_Here.zip

  • Size

    37.9MB

  • Sample

    240604-bj9beagg28

  • MD5

    8ead0f163701c1c225dcd6b055bd16a3

  • SHA1

    cd18e99b0be5561aeb7b709f40eb1978d5b9a229

  • SHA256

    71e9d4c711a188b0bc798b078eb8f052b11d479c9f4e4f1d746dccfefd4de984

  • SHA512

    4c200fa3b722266b1f88c3413b519234ac6878ac33b16b82e8f87c984c4c5ddb00051cd0d7b643b0102d40dbf725118a3966caa5b32782e3cf1245ce31f07989

  • SSDEEP

    786432:2jdM1/hVgjdM1/hVXjdM1/hVujdM1/hVMjdM1/hVGjdM1/hVJajdM1/hVb037UtM:AM15VCM15VhM15VYM15VWM15VwM15VJ4

Score
10/10
raccoon540b1db0b12b23e63e6942952aa03e47discoverypersistencestealer

Malware Config

Extracted

Family

raccoon

Botnet

540b1db0b12b23e63e6942952aa03e47

C2

http://45.9.74.36/

http://45.9.74.34/
Attributes
  • user_agent

    B1D3N_RIM_MY_ASS

xor.plain

Targets

    • Target

      F0nts/DL/Winzip.exe

    • Size

      3.2MB

    • MD5

      b66dec691784f00061bc43e62030c343

    • SHA1

      779d947d41efafc2995878e56e213411de8fb4cf

    • SHA256

      26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370

    • SHA512

      6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3

    • SSDEEP

      98304:lJXOBfK92HbAw0CNB3kJElzNsy8vGUvfCo3ABH43:lJ192HbAXCvDlzNsy8vGUyo3AB8

    Score
    4/10
    discoverypersistence
    behavioral1behavioral2

    • Target

      F0nts/LangZ/Winzip.exe

    • Size

      3.2MB

    • MD5

      b66dec691784f00061bc43e62030c343

    • SHA1

      779d947d41efafc2995878e56e213411de8fb4cf

    • SHA256

      26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370

    • SHA512

      6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3

    • SSDEEP

      98304:lJXOBfK92HbAw0CNB3kJElzNsy8vGUvfCo3ABH43:lJ192HbAXCvDlzNsy8vGUyo3AB8

    Score
    1/10
    behavioral3behavioral4

    • Target

      F0nts/Nita/Winzip.exe

    • Size

      3.2MB

    • MD5

      b66dec691784f00061bc43e62030c343

    • SHA1

      779d947d41efafc2995878e56e213411de8fb4cf

    • SHA256

      26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370

    • SHA512

      6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3

    • SSDEEP

      98304:lJXOBfK92HbAw0CNB3kJElzNsy8vGUvfCo3ABH43:lJ192HbAXCvDlzNsy8vGUyo3AB8

    Score
    1/10
    behavioral5behavioral6

    • Target

      F0nts/Rupo/Winzip.exe

    • Size

      3.2MB

    • MD5

      b66dec691784f00061bc43e62030c343

    • SHA1

      779d947d41efafc2995878e56e213411de8fb4cf

    • SHA256

      26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370

    • SHA512

      6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3

    • SSDEEP

      98304:lJXOBfK92HbAw0CNB3kJElzNsy8vGUvfCo3ABH43:lJ192HbAXCvDlzNsy8vGUyo3AB8

    Score
    1/10
    behavioral7behavioral8

    • Target

      F0nts/Tire/Winzip.exe

    • Size

      3.2MB

    • MD5

      b66dec691784f00061bc43e62030c343

    • SHA1

      779d947d41efafc2995878e56e213411de8fb4cf

    • SHA256

      26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370

    • SHA512

      6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3

    • SSDEEP

      98304:lJXOBfK92HbAw0CNB3kJElzNsy8vGUvfCo3ABH43:lJ192HbAXCvDlzNsy8vGUyo3AB8

    Score
    1/10
    behavioral10behavioral9

    • Target

      F0nts/error/Winzip.exe

    • Size

      3.2MB

    • MD5

      b66dec691784f00061bc43e62030c343

    • SHA1

      779d947d41efafc2995878e56e213411de8fb4cf

    • SHA256

      26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370

    • SHA512

      6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3

    • SSDEEP

      98304:lJXOBfK92HbAw0CNB3kJElzNsy8vGUvfCo3ABH43:lJ192HbAXCvDlzNsy8vGUyo3AB8

    Score
    1/10
    behavioral11behavioral12

    • Target

      LaNgz/Winzip.exe

    • Size

      3.2MB

    • MD5

      b66dec691784f00061bc43e62030c343

    • SHA1

      779d947d41efafc2995878e56e213411de8fb4cf

    • SHA256

      26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370

    • SHA512

      6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3

    • SSDEEP

      98304:lJXOBfK92HbAw0CNB3kJElzNsy8vGUvfCo3ABH43:lJ192HbAXCvDlzNsy8vGUyo3AB8

    Score
    1/10
    behavioral13behavioral14

    • Target

      Setup.exe

    • Size

      986.1MB

    • MD5

      36f96bb2220861f5315f3b4de51105ad

    • SHA1

      15fb865cc0949e7ae96e97b59dbaef09f02cf04c

    • SHA256

      a72da86eeebd5577083b1b1feb55bbb8fbda6f995bca6f67d53d251c4c8c0791

    • SHA512

      866136b4b33d01e4551581aa2d6b41cffcf42539c2df620057b7b7c9c394198f84985e4f1979175b83148422697b895256b816a1afb8c5bb97b860d366338b1b

    • SSDEEP

      393216:CEgPTO/bjSeaYI8hxobWiI3+j57lGi0oc:myDpXDwTI3i5JjK

    Score
    10/10
    raccoon540b1db0b12b23e63e6942952aa03e47stealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon Stealer V2 payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral15behavioral16

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

8
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks