raccoon | c317497533e17391aa3e1d4c9d8f67620f9a6381900a13b125eaa76947ea36de | Triage

Sharing

General

Target

81a0de5f566e305cea72406bb029812b
Size

505KB
Sample

210722-axnr1dsp5s
MD5

81a0de5f566e305cea72406bb029812b
SHA1

4fb97923b202b3dedcb4addedc0f167f212e5e2d
SHA256

c317497533e17391aa3e1d4c9d8f67620f9a6381900a13b125eaa76947ea36de
SHA512

c980d25ffde76910504c44d259841a899a0c0b8aeeca757db6d7f633f630e22c8ecc3fc7fbb0d3ddff4e729d4ebc5a2d92102b83d9aa40ad8dc1019f6379a95c

Score

10^/10

raccoon discovery spyware stealer

Malware Config

Targets

- Target
  
  81a0de5f566e305cea72406bb029812b
- Size
  
  505KB
- MD5
  
  81a0de5f566e305cea72406bb029812b
- SHA1
  
  4fb97923b202b3dedcb4addedc0f167f212e5e2d
- SHA256
  
  c317497533e17391aa3e1d4c9d8f67620f9a6381900a13b125eaa76947ea36de
- SHA512
  
  c980d25ffde76910504c44d259841a899a0c0b8aeeca757db6d7f633f630e22c8ecc3fc7fbb0d3ddff4e729d4ebc5a2d92102b83d9aa40ad8dc1019f6379a95c
Score

10^/10

raccoon discovery spyware stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

raccoondiscoveryspywarestealer