raccoon | b4fb873efe46af1c642cf95c769636299db7a264dae7c6ac98043d69a13a32c2 | Triage

Sharing

General

Target

111.exe
Size

1.1MB
Sample

200306-4hphs99b7j
MD5

2811be8de6af1ee6bedcc961c9001e32
SHA1

535ddd8df6536df9ad9b7bb542d02c3bba3f4501
SHA256

b4fb873efe46af1c642cf95c769636299db7a264dae7c6ac98043d69a13a32c2
SHA512

929a852d2b7287480d22a04c59b18dc6533e7f838515c55d48f1232fb4289f3f4f0cf4144f400ae850f13cd4e81d320cd0e52fd880cb8b55a72ae19477fef1e3

Score

10^/10

raccoon e4c70942470abe329d09148289e517bba5dc8de8 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

e4c70942470abe329d09148289e517bba5dc8de8

C2

http://34.77.125.60/gate/log.php

Attributes

url4cnc
https://drive.google.com/uc?export=download&id=1qZrnBBnNnNNwKTzUp7lRHQjySnzCdh12

rc4.plain

rc4.plain

Targets

- Target
  
  111.exe
- Size
  
  1.1MB
- MD5
  
  2811be8de6af1ee6bedcc961c9001e32
- SHA1
  
  535ddd8df6536df9ad9b7bb542d02c3bba3f4501
- SHA256
  
  b4fb873efe46af1c642cf95c769636299db7a264dae7c6ac98043d69a13a32c2
- SHA512
  
  929a852d2b7287480d22a04c59b18dc6533e7f838515c55d48f1232fb4289f3f4f0cf4144f400ae850f13cd4e81d320cd0e52fd880cb8b55a72ae19477fef1e3
Score

10^/10

spyware stealer raccoon
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Executes dropped EXE
- Loads dropped DLL
- Program crash
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

spywarestealerraccoon