raccoon | 0451274bfd144e88030bfd2e95755fb0b3f88555633071fdec7e307766421db8 | Triage

Sharing

General

Target

0451274bfd144e88030bfd2e95755fb0b3f88555633071fdec7e307766421db8
Size

428KB
Sample

210908-hzfscshbgl
MD5

557f35d0d2d0add606d8b827c2f0e69d
SHA1

55e9e651208802f72269b3f34800ff2c8ba3fb56
SHA256

0451274bfd144e88030bfd2e95755fb0b3f88555633071fdec7e307766421db8
SHA512

54a48385d488997752fe68ff9db5d0ce4e8e1bac26a8dbcfc9b626f429cd99fd664fdde7dc32dda9e21d7ef8f960af33c480bb5db73af1d36684cd53bf52b9de

Score

10^/10

raccoon 93d3ccba4a3cbd5e268873fc1760b2335272e198 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

93d3ccba4a3cbd5e268873fc1760b2335272e198

Attributes

url4cnc
https://telete.in/opa4kiprivatem

rc4.plain

rc4.plain

Targets

- Target
  
  0451274bfd144e88030bfd2e95755fb0b3f88555633071fdec7e307766421db8
- Size
  
  428KB
- MD5
  
  557f35d0d2d0add606d8b827c2f0e69d
- SHA1
  
  55e9e651208802f72269b3f34800ff2c8ba3fb56
- SHA256
  
  0451274bfd144e88030bfd2e95755fb0b3f88555633071fdec7e307766421db8
- SHA512
  
  54a48385d488997752fe68ff9db5d0ce4e8e1bac26a8dbcfc9b626f429cd99fd664fdde7dc32dda9e21d7ef8f960af33c480bb5db73af1d36684cd53bf52b9de
Score

10^/10

raccoon 93d3ccba4a3cbd5e268873fc1760b2335272e198 spyware stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon93d3ccba4a3cbd5e268873fc1760b2335272e198spywarestealer