raccoon | 5044bd3dfd6bd23b2ed2e52e4efc0ec6ee59d71d7672d37ce9f2b68e2299a9d1 | Triage

Sharing

General

Target

5044bd3dfd6bd23b2ed2e52e4efc0ec6ee59d71d7672d37ce9f2b68e2299a9d1
Size

422KB
Sample

210828-7vx7t6xfrx
MD5

ce2328dfe8cdacd43216f91b61fec631
SHA1

80380910dabc95803a470c9f58d1ff3645747997
SHA256

5044bd3dfd6bd23b2ed2e52e4efc0ec6ee59d71d7672d37ce9f2b68e2299a9d1
SHA512

e4143db4187b69110cf8ca4dba6c17d20b508963b2168bba00ac1f34191904757d218836425c5067891756d6b972bdfb4e514a6678c1141e1291b23409d9ab29

Score

10^/10

raccoon 0a7408c65c3ceba29fcaa1d6f9f7143fe4fab73a spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

0a7408c65c3ceba29fcaa1d6f9f7143fe4fab73a

Attributes

url4cnc
https://telete.in/secuhaski4

rc4.plain

rc4.plain

Targets

- Target
  
  5044bd3dfd6bd23b2ed2e52e4efc0ec6ee59d71d7672d37ce9f2b68e2299a9d1
- Size
  
  422KB
- MD5
  
  ce2328dfe8cdacd43216f91b61fec631
- SHA1
  
  80380910dabc95803a470c9f58d1ff3645747997
- SHA256
  
  5044bd3dfd6bd23b2ed2e52e4efc0ec6ee59d71d7672d37ce9f2b68e2299a9d1
- SHA512
  
  e4143db4187b69110cf8ca4dba6c17d20b508963b2168bba00ac1f34191904757d218836425c5067891756d6b972bdfb4e514a6678c1141e1291b23409d9ab29
Score

10^/10

raccoon 0a7408c65c3ceba29fcaa1d6f9f7143fe4fab73a spyware stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon0a7408c65c3ceba29fcaa1d6f9f7143fe4fab73aspywarestealer