raccoon | f57f261dcc8b1578db3e24361c1b3bf9e84db0a770d4663fa393440c8c1c1948 | Triage

Sharing

General

Target

f57f261dcc8b1578db3e24361c1b3bf9e84db0a770d4663fa393440c8c1c1948
Size

428KB
Sample

210908-jpd2fshcar
MD5

611401a3bc2ff42c97078d6b473b6d23
SHA1

02643bbf80262499009ec749728b6e5a5bbeac6f
SHA256

f57f261dcc8b1578db3e24361c1b3bf9e84db0a770d4663fa393440c8c1c1948
SHA512

9edca3cd51443ec2bd707292db65b5815243a79a61b6836b9fd90ecfe7e1cff5a2cdce95038341a13c251d9233ca49703f02826a62c1cdb44a59ab2754fd4bbb

Score

10^/10

raccoon 93d3ccba4a3cbd5e268873fc1760b2335272e198 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

93d3ccba4a3cbd5e268873fc1760b2335272e198

Attributes

url4cnc
https://telete.in/opa4kiprivatem

rc4.plain

rc4.plain

Targets

- Target
  
  f57f261dcc8b1578db3e24361c1b3bf9e84db0a770d4663fa393440c8c1c1948
- Size
  
  428KB
- MD5
  
  611401a3bc2ff42c97078d6b473b6d23
- SHA1
  
  02643bbf80262499009ec749728b6e5a5bbeac6f
- SHA256
  
  f57f261dcc8b1578db3e24361c1b3bf9e84db0a770d4663fa393440c8c1c1948
- SHA512
  
  9edca3cd51443ec2bd707292db65b5815243a79a61b6836b9fd90ecfe7e1cff5a2cdce95038341a13c251d9233ca49703f02826a62c1cdb44a59ab2754fd4bbb
Score

10^/10

raccoon 93d3ccba4a3cbd5e268873fc1760b2335272e198 spyware stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon93d3ccba4a3cbd5e268873fc1760b2335272e198spywarestealer