raccoon | 4afb5969afd2c92b331d1fef3412103b6fa4d1ab3f386b9cf505b694038790bc | Triage

Submit
Reports

Overview

overview

Static

static

a168b5b542...97.exe

windows7_x64

a168b5b542...97.exe

windows10_x64

Sharing

General

Target

a168b5b542d041a874bcdc7261236297.exe
Size

518KB
Sample

210731-56f2dpv4v6
MD5

a168b5b542d041a874bcdc7261236297
SHA1

1b8a5e4844e304e5922765263f650ba8266a2e33
SHA256

4afb5969afd2c92b331d1fef3412103b6fa4d1ab3f386b9cf505b694038790bc
SHA512

1fd7073cb448f2e37e50faf8fcbf16bf31c2bcbb63eeffe13c57e3a1861061689bc65cc51fc40073dcf86b749f27a0ad3823b1fbba33b5ccaad8df22543b62b9

Score

10^/10

raccoon 8698be2e7e5a4e7e4dc8cd71c3845a10c60398c6 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

a168b5b542d041a874bcdc7261236297.exe

Resource

win7v20210410

raccoon 8698be2e7e5a4e7e4dc8cd71c3845a10c60398c6 discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a168b5b542d041a874bcdc7261236297.exe

Resource

win10v20210408

raccoon 8698be2e7e5a4e7e4dc8cd71c3845a10c60398c6 discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

8698be2e7e5a4e7e4dc8cd71c3845a10c60398c6

Attributes

url4cnc
https://telete.in/youyouhell0world

rc4.plain

rc4.plain

Targets

- Target
  
  a168b5b542d041a874bcdc7261236297.exe
- Size
  
  518KB
- MD5
  
  a168b5b542d041a874bcdc7261236297
- SHA1
  
  1b8a5e4844e304e5922765263f650ba8266a2e33
- SHA256
  
  4afb5969afd2c92b331d1fef3412103b6fa4d1ab3f386b9cf505b694038790bc
- SHA512
  
  1fd7073cb448f2e37e50faf8fcbf16bf31c2bcbb63eeffe13c57e3a1861061689bc65cc51fc40073dcf86b749f27a0ad3823b1fbba33b5ccaad8df22543b62b9
Score

10^/10

raccoon 8698be2e7e5a4e7e4dc8cd71c3845a10c60398c6 discovery spyware stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon8698be2e7e5a4e7e4dc8cd71c3845a10c60398c6discoveryspywarestealer

behavioral2

raccoon8698be2e7e5a4e7e4dc8cd71c3845a10c60398c6discoveryspywarestealer

© 2018-2024

Terms | Privacy