raccoon | 09f6673d04fa445820e1279aa202acde6e33066f2bfb135dd6458fe41398a222 | Triage

Resubmissions

27-02-2020 14:31

200227-bkpn15vpg2 10

21-02-2020 16:28

200221-rpakr52wfa 10

20-02-2020 19:36

200220-tp5ealxpvx 10

Sharing

General

Target

1157719080.EXE
Size

878KB
Sample

200221-rpakr52wfa
MD5

7e70e99390a74ad36bfd7b82f8f6df7e
SHA1

404d5850b8967259d778c796a0720abe35018d98
SHA256

09f6673d04fa445820e1279aa202acde6e33066f2bfb135dd6458fe41398a222
SHA512

c31f71dae0624f30ff1f23640168a769dfb14ff7f8cabf01aa0a3ae4465b1e56f67a12c9bf84b39bb24897ea25ad4144253be2f50ffb640a008e1fcfbaf48226

Score

10^/10

raccoon 3dbd762906e1b32ddcb1ca61554f89c2f5686d2c evasion spyware stealer trojan

Malware Config

Extracted

Family

raccoon

Botnet

3dbd762906e1b32ddcb1ca61554f89c2f5686d2c

C2

http://104.248.18.25/gate/log.php

Attributes

url4cnc
https://drive.google.com/uc?export=download&id=1-sIY2_CjYF5N7Cc4kIq7R17orSgXQ5Y6

rc4.plain

rc4.plain

Targets

- Target
  
  1157719080.EXE
- Size
  
  878KB
- MD5
  
  7e70e99390a74ad36bfd7b82f8f6df7e
- SHA1
  
  404d5850b8967259d778c796a0720abe35018d98
- SHA256
  
  09f6673d04fa445820e1279aa202acde6e33066f2bfb135dd6458fe41398a222
- SHA512
  
  c31f71dae0624f30ff1f23640168a769dfb14ff7f8cabf01aa0a3ae4465b1e56f67a12c9bf84b39bb24897ea25ad4144253be2f50ffb640a008e1fcfbaf48226
Score

10^/10

evasion spyware trojan stealer raccoon
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Modifies system certificate store
  evasion spyware trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywaretrojanstealerraccoon

behavioral2