raccoon | 08fd20d116a64a8e132dee3f603b07bb0050434cfe3f494678a00a2ea50f025e | Triage

Submit
Reports

Overview

overview

Static

static

aa88d9f612...54.exe

windows7_x64

aa88d9f612...54.exe

windows10_x64

Sharing

General

Target

aa88d9f6126e8dd9a22d976f92360654.exe
Size

571KB
Sample

210814-htxl5gf1f2
MD5

aa88d9f6126e8dd9a22d976f92360654
SHA1

8357f762208dd664113732d4058f01132a9d31cd
SHA256

08fd20d116a64a8e132dee3f603b07bb0050434cfe3f494678a00a2ea50f025e
SHA512

5c3e42a0c6e668ed404811b7daae04ed64553df93ad3385430131fb7c1ced00542af65c70a30e298c588dc6db4b6205d689519acec875d2f8c5529f1dc419b3b

Score

10^/10

raccoon cd8dc1031358b1aec55cc6bc447df1018b068607 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

aa88d9f6126e8dd9a22d976f92360654.exe

Resource

win7v20210410

raccoon cd8dc1031358b1aec55cc6bc447df1018b068607 discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

aa88d9f6126e8dd9a22d976f92360654.exe

Resource

win10v20210410

raccoon cd8dc1031358b1aec55cc6bc447df1018b068607 discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

cd8dc1031358b1aec55cc6bc447df1018b068607

Attributes

url4cnc
https://telete.in/jagressor_kz

rc4.plain

rc4.plain

Targets

- Target
  
  aa88d9f6126e8dd9a22d976f92360654.exe
- Size
  
  571KB
- MD5
  
  aa88d9f6126e8dd9a22d976f92360654
- SHA1
  
  8357f762208dd664113732d4058f01132a9d31cd
- SHA256
  
  08fd20d116a64a8e132dee3f603b07bb0050434cfe3f494678a00a2ea50f025e
- SHA512
  
  5c3e42a0c6e668ed404811b7daae04ed64553df93ad3385430131fb7c1ced00542af65c70a30e298c588dc6db4b6205d689519acec875d2f8c5529f1dc419b3b
Score

10^/10

raccoon cd8dc1031358b1aec55cc6bc447df1018b068607 discovery spyware stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccooncd8dc1031358b1aec55cc6bc447df1018b068607discoveryspywarestealer

behavioral2

raccooncd8dc1031358b1aec55cc6bc447df1018b068607discoveryspywarestealer

© 2018-2024

Terms | Privacy