raccoon | f0d6b6de5eadb2edf11dce199030f150d6a1597fde159c0f8e7491e13fcf26c1 | Triage

Sharing

General

Target

f0d6b6de5eadb2edf11dce199030f150d6a1597fde159c0f8e7491e13fcf26c1
Size

560KB
Sample

210922-h7srwseegm
MD5

72dafc4033046a1406b08fff6c9edbae
SHA1

18fde5c7adb6152e155017af5219995fe615486c
SHA256

f0d6b6de5eadb2edf11dce199030f150d6a1597fde159c0f8e7491e13fcf26c1
SHA512

8a767cd7aafda33d393fa5eb4fbf4d782c77bb8b61931365e424af630a87bd5af3bea452f1ef6cdfe0b69ebaa63cc4d869f311ffc248652a2bdd6a3670fe2ee2

Score

10^/10

raccoon 3a0693aace391ad57b292defd202847793de4c76 discovery spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

3a0693aace391ad57b292defd202847793de4c76

Attributes

url4cnc
https://telete.in/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  f0d6b6de5eadb2edf11dce199030f150d6a1597fde159c0f8e7491e13fcf26c1
- Size
  
  560KB
- MD5
  
  72dafc4033046a1406b08fff6c9edbae
- SHA1
  
  18fde5c7adb6152e155017af5219995fe615486c
- SHA256
  
  f0d6b6de5eadb2edf11dce199030f150d6a1597fde159c0f8e7491e13fcf26c1
- SHA512
  
  8a767cd7aafda33d393fa5eb4fbf4d782c77bb8b61931365e424af630a87bd5af3bea452f1ef6cdfe0b69ebaa63cc4d869f311ffc248652a2bdd6a3670fe2ee2
Score

10^/10

raccoon 3a0693aace391ad57b292defd202847793de4c76 discovery spyware stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon3a0693aace391ad57b292defd202847793de4c76discoveryspywarestealer