raccoon | 763681c09846b8efd353c1f21f32beb3b1a4b66cb1652fe8f8a54dfee7ad19f9 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

763681c09846b8efd353c1f21f32beb3b1a4b66cb1652fe8f8a54dfee7ad19f9
Size

478KB
Sample

210807-cxn183rghe
MD5

7b7ea06bc32f1dca48a51229d69cb683
SHA1

6e4651d41591aa8aad5e57ac13baf0fe0e2e604e
SHA256

763681c09846b8efd353c1f21f32beb3b1a4b66cb1652fe8f8a54dfee7ad19f9
SHA512

65889030ec130dc54d56aaefa40b53dcfe53635293a74a92bdcbe49e942fea7bdb5febba23662d844dfa0e7e85664af96e63437aa4a045e3ea303062d1d92e06

Score

10^/10

raccoon 83fbe81dd43f775dd8af3cd619f88f428fbd9a96 discovery phishing spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

763681c09846b8efd353c1f21f32beb3b1a4b66cb1652fe8f8a54dfee7ad19f9.exe

Resource

win10v20210410

raccoon 83fbe81dd43f775dd8af3cd619f88f428fbd9a96 discovery phishing spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

83fbe81dd43f775dd8af3cd619f88f428fbd9a96

Attributes

url4cnc
https://telete.in/opa4kiprivatem

rc4.plain

rc4.plain

Targets

- Target
  
  763681c09846b8efd353c1f21f32beb3b1a4b66cb1652fe8f8a54dfee7ad19f9
- Size
  
  478KB
- MD5
  
  7b7ea06bc32f1dca48a51229d69cb683
- SHA1
  
  6e4651d41591aa8aad5e57ac13baf0fe0e2e604e
- SHA256
  
  763681c09846b8efd353c1f21f32beb3b1a4b66cb1652fe8f8a54dfee7ad19f9
- SHA512
  
  65889030ec130dc54d56aaefa40b53dcfe53635293a74a92bdcbe49e942fea7bdb5febba23662d844dfa0e7e85664af96e63437aa4a045e3ea303062d1d92e06
Score

10^/10

raccoon 83fbe81dd43f775dd8af3cd619f88f428fbd9a96 discovery phishing spyware stealer
- Detected phishing page
  phishing
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon83fbe81dd43f775dd8af3cd619f88f428fbd9a96discoveryphishingspywarestealer

© 2018-2024

Terms | Privacy