raccoon | a3ce87c55ad0129d869129de0a1963eaa99f43741d3428747436efebc330c0d9 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

a3ce87c55ad0129d869129de0a1963eaa99f43741d3428747436efebc330c0d9
Size

420KB
Sample

210926-zsp6wsfcdq
MD5

2c4c4fa98508731d58c374212d5f43eb
SHA1

345c5d181d37fc5e60cdad96c2f747240fa4e8bd
SHA256

a3ce87c55ad0129d869129de0a1963eaa99f43741d3428747436efebc330c0d9
SHA512

8673eae1cda1a08e290b72c475a829cb0345faafdaa087ba5b5a1f340bf9d9480721c476dae0f9ac375bf2f3f03fd65da2057e40d31ccdfd826f88a7790e1cd6

Score

10^/10

raccoon 5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

a3ce87c55ad0129d869129de0a1963eaa99f43741d3428747436efebc330c0d9.exe

Resource

win10v20210408

raccoon 5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4 discovery spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4

Attributes

url4cnc
https://t.me/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  a3ce87c55ad0129d869129de0a1963eaa99f43741d3428747436efebc330c0d9
- Size
  
  420KB
- MD5
  
  2c4c4fa98508731d58c374212d5f43eb
- SHA1
  
  345c5d181d37fc5e60cdad96c2f747240fa4e8bd
- SHA256
  
  a3ce87c55ad0129d869129de0a1963eaa99f43741d3428747436efebc330c0d9
- SHA512
  
  8673eae1cda1a08e290b72c475a829cb0345faafdaa087ba5b5a1f340bf9d9480721c476dae0f9ac375bf2f3f03fd65da2057e40d31ccdfd826f88a7790e1cd6
Score

10^/10

raccoon 5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4 discovery spyware stealer suricata
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
  suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
  suricata
- suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
  suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
  suricata
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy