raccoon | ba724bde10e0eabd0e2861d6bcc9c11e1833c00251de3e14e746069c86dd6427 | Triage

Sharing

General

Target

ba724bde10e0eabd0e2861d6bcc9c11e1833c00251de3e14e746069c86dd6427
Size

428KB
Sample

210908-f66agsdge9
MD5

15dad07721c07b6c85221bc20a4d2995
SHA1

895eb101131f787a5622c6def9928e46631371d8
SHA256

ba724bde10e0eabd0e2861d6bcc9c11e1833c00251de3e14e746069c86dd6427
SHA512

f16f271d285c76a2ffff7a9f69442defb3e59b23efcbf3846747f589379421ef95ece10775de3fc70d3c318f03b98bf430571f2e316e5e56c421d8696491bc34

Score

10^/10

raccoon 93d3ccba4a3cbd5e268873fc1760b2335272e198 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

93d3ccba4a3cbd5e268873fc1760b2335272e198

Attributes

url4cnc
https://telete.in/opa4kiprivatem

rc4.plain

rc4.plain

Targets

- Target
  
  ba724bde10e0eabd0e2861d6bcc9c11e1833c00251de3e14e746069c86dd6427
- Size
  
  428KB
- MD5
  
  15dad07721c07b6c85221bc20a4d2995
- SHA1
  
  895eb101131f787a5622c6def9928e46631371d8
- SHA256
  
  ba724bde10e0eabd0e2861d6bcc9c11e1833c00251de3e14e746069c86dd6427
- SHA512
  
  f16f271d285c76a2ffff7a9f69442defb3e59b23efcbf3846747f589379421ef95ece10775de3fc70d3c318f03b98bf430571f2e316e5e56c421d8696491bc34
Score

10^/10

raccoon 93d3ccba4a3cbd5e268873fc1760b2335272e198 spyware stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon93d3ccba4a3cbd5e268873fc1760b2335272e198spywarestealer