raccoon | 9ffea31df5176daa4b689b2cdf544a3df2722a640212c8000dea35bfbdfe21e3 | Triage

Sharing

General

Target

9ffea31df5176daa4b689b2cdf544a3df2722a640212c8000dea35bfbdfe21e3
Size

428KB
Sample

210908-j2tbxahcdl
MD5

783f4d0de698f381e7e5d2a7b8286747
SHA1

8d9428aeb487ebfc2fc40b4c3075450c5d90c0ad
SHA256

9ffea31df5176daa4b689b2cdf544a3df2722a640212c8000dea35bfbdfe21e3
SHA512

0ea6771aa1d01f9b5ab701d04440c7a6de334a0086b8ac033169e622059f6c3cf0a17c18422d54bed46f2d56fa2407882c4dc1f0300c9b1a99a8b6abdf90857f

Score

10^/10

raccoon 93d3ccba4a3cbd5e268873fc1760b2335272e198 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

93d3ccba4a3cbd5e268873fc1760b2335272e198

Attributes

url4cnc
https://telete.in/opa4kiprivatem

rc4.plain

rc4.plain

Targets

- Target
  
  9ffea31df5176daa4b689b2cdf544a3df2722a640212c8000dea35bfbdfe21e3
- Size
  
  428KB
- MD5
  
  783f4d0de698f381e7e5d2a7b8286747
- SHA1
  
  8d9428aeb487ebfc2fc40b4c3075450c5d90c0ad
- SHA256
  
  9ffea31df5176daa4b689b2cdf544a3df2722a640212c8000dea35bfbdfe21e3
- SHA512
  
  0ea6771aa1d01f9b5ab701d04440c7a6de334a0086b8ac033169e622059f6c3cf0a17c18422d54bed46f2d56fa2407882c4dc1f0300c9b1a99a8b6abdf90857f
Score

10^/10

raccoon 93d3ccba4a3cbd5e268873fc1760b2335272e198 spyware stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon93d3ccba4a3cbd5e268873fc1760b2335272e198spywarestealer