raccoon | 566841ee4280e0364d309420040a5a6b355473c25350e41eb0338c8c894de29a | Triage

Sharing

General

Target

566841ee4280e0364d309420040a5a6b355473c25350e41eb0338c8c894de29a
Size

428KB
Sample

210908-ftp3qsdgd2
MD5

f65e1fb05440ae380ebeb0ce5ed4d7b0
SHA1

0909ca7ad8d8b5186881328345386bfc4265ce5f
SHA256

566841ee4280e0364d309420040a5a6b355473c25350e41eb0338c8c894de29a
SHA512

ef883d1c63a27d8f59540a55e208c7f4835522505572f6a23a368497c3fe855f43fa753fada564ed630737ca8541b24017b7c04e28ab70b8499214d452585c82

Score

10^/10

raccoon 93d3ccba4a3cbd5e268873fc1760b2335272e198 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

93d3ccba4a3cbd5e268873fc1760b2335272e198

Attributes

url4cnc
https://telete.in/opa4kiprivatem

rc4.plain

rc4.plain

Targets

- Target
  
  566841ee4280e0364d309420040a5a6b355473c25350e41eb0338c8c894de29a
- Size
  
  428KB
- MD5
  
  f65e1fb05440ae380ebeb0ce5ed4d7b0
- SHA1
  
  0909ca7ad8d8b5186881328345386bfc4265ce5f
- SHA256
  
  566841ee4280e0364d309420040a5a6b355473c25350e41eb0338c8c894de29a
- SHA512
  
  ef883d1c63a27d8f59540a55e208c7f4835522505572f6a23a368497c3fe855f43fa753fada564ed630737ca8541b24017b7c04e28ab70b8499214d452585c82
Score

10^/10

raccoon 93d3ccba4a3cbd5e268873fc1760b2335272e198 spyware stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon93d3ccba4a3cbd5e268873fc1760b2335272e198spywarestealer