raccoon | 07967e861e991eabea5649e7e6de840028a2b217d2a9f354315c9b8f25e34068 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.PWS.Siggen2.61833.4196.20708
Size

1.9MB
Sample

210311-s7m88k1aw6
MD5

c7df9293a3b926e11a4ede7aeedd5c58
SHA1

86ccae3e5b2b67b6d6758554ea57cbd4d66be034
SHA256

07967e861e991eabea5649e7e6de840028a2b217d2a9f354315c9b8f25e34068
SHA512

7f308d46f30b7197955e522afdaa508f7e302cb5525c33dae4f27eff56f3b20c618763ee68516c745d6ec4e94a356b043c2ccbd47e20badeccb904f2d4b785ba

Score

10^/10

raccoon aef61793e586ca15c24106ac17a2a83a30fb0a25 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

aef61793e586ca15c24106ac17a2a83a30fb0a25

Attributes

url4cnc
https://tttttt.me/h_scroogenews_1

rc4.plain

rc4.plain

Targets

- Target
  
  SecuriteInfo.com.Trojan.PWS.Siggen2.61833.4196.20708
- Size
  
  1.9MB
- MD5
  
  c7df9293a3b926e11a4ede7aeedd5c58
- SHA1
  
  86ccae3e5b2b67b6d6758554ea57cbd4d66be034
- SHA256
  
  07967e861e991eabea5649e7e6de840028a2b217d2a9f354315c9b8f25e34068
- SHA512
  
  7f308d46f30b7197955e522afdaa508f7e302cb5525c33dae4f27eff56f3b20c618763ee68516c745d6ec4e94a356b043c2ccbd47e20badeccb904f2d4b785ba
Score

10^/10

raccoon aef61793e586ca15c24106ac17a2a83a30fb0a25 stealer spyware
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonaef61793e586ca15c24106ac17a2a83a30fb0a25stealer

behavioral2

raccoonaef61793e586ca15c24106ac17a2a83a30fb0a25spywarestealer