raccoon | 662422fec3e37c67330c1c520664ca2e87083dfa5727709507a42ff9e6e96a6d | Triage

Sharing

General

Target

662422fec3e37c67330c1c520664ca2e87083dfa5727709507a42ff9e6e96a6d
Size

428KB
Sample

210908-jbt6hseab6
MD5

352bc687ef9ebe1731d01f6cfae158ac
SHA1

ed443ef9c00d062d7edc488863517897d2f7cf9b
SHA256

662422fec3e37c67330c1c520664ca2e87083dfa5727709507a42ff9e6e96a6d
SHA512

793fa04e3f22052f66739d462a1942ae792aa1800c4c9b5de4209bf7e03d5a7f2e2fc7b2a0dea862e3b0bfac3a6d66cf2caea6601bc2d358f672861705b14441

Score

10^/10

raccoon 93d3ccba4a3cbd5e268873fc1760b2335272e198 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

93d3ccba4a3cbd5e268873fc1760b2335272e198

Attributes

url4cnc
https://telete.in/opa4kiprivatem

rc4.plain

rc4.plain

Targets

- Target
  
  662422fec3e37c67330c1c520664ca2e87083dfa5727709507a42ff9e6e96a6d
- Size
  
  428KB
- MD5
  
  352bc687ef9ebe1731d01f6cfae158ac
- SHA1
  
  ed443ef9c00d062d7edc488863517897d2f7cf9b
- SHA256
  
  662422fec3e37c67330c1c520664ca2e87083dfa5727709507a42ff9e6e96a6d
- SHA512
  
  793fa04e3f22052f66739d462a1942ae792aa1800c4c9b5de4209bf7e03d5a7f2e2fc7b2a0dea862e3b0bfac3a6d66cf2caea6601bc2d358f672861705b14441
Score

10^/10

raccoon 93d3ccba4a3cbd5e268873fc1760b2335272e198 spyware stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon93d3ccba4a3cbd5e268873fc1760b2335272e198spywarestealer