GitHub - Neo23x0/Raccine: A Simple Ransomware Vaccine
Common Information
Type Value
UUID b92f0fee-b633-4bb7-bc90-bce0e5837c85
Fingerprint 1e29c93b2da5d670
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 22, 2022, midnight
Added to db Feb. 18, 2023, 1:19 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Neo23x0/Raccine
Title GitHub - Neo23x0/Raccine: A Simple Ransomware Vaccine
Detected Hints/Tags/Attributes 35/1/30
Source URLs
Attributes
Type                  #Events  CTI  Value
Domain                107           aka.ms
Domain                1             raccine.zip
File                  345           vssadmin.exe
File                  240           wmic.exe
File                  6             raccine.exe
File                  1             raccine-reg-patch-uninstall.reg
File                  1260          explorer.exe
File                  105           bcdedit.exe
File                  1208          powershell.exe
File                  1             c:\programdata\raccine_log.txt
File                  23            diskshadow.exe
File                  82            taskkill.exe
File                  13            x64.exe
File                  1             install-raccine.bat
File                  1             raccine.zip
File                  1             raccine-installer.bat
File                  9             raccinesettings.exe
File                  1             raccinerulessync.exe
File                  37            ransomware.exe
File                  31            c:\windows\system32\wbem\wmic.exe
File                  2125          cmd.exe
File                  409           c:\windows\system32\cmd.exe
File                  1             c:\program files\raccine\yara64.exe
File                  1             c:\programdata\raccine\yara\rac1c6a.tmp
File                  16            gpupdate.exe
File                  1             c:\programdata\raccine\raccine_log.txt
File                  22            taskdl.exe
Url                   1             https://aka.ms/vs/16/release/vc_redist.x64.exe
Windows Registry Key  2             HKCU\Software\Raccine
Windows Registry Key  112           HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run