raccoon | 2a5280746cfbb448730bf36a207edc89ce73564d95f156537798a87289622e3b | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

2a5280746cfbb448730bf36a207edc89ce73564d95f156537798a87289622e3b
Size

567KB
Sample

211001-ntz7psbfgp
MD5

f88d18e8f84cf03d82b15bfc458eb0a2
SHA1

2330576f8abd3387d98336baeba0935ef41a8981
SHA256

2a5280746cfbb448730bf36a207edc89ce73564d95f156537798a87289622e3b
SHA512

eb83ca01dccc1462c0baba281420532c6ea845195f82fc9f16d8f5adefeeaeda164b96404b2377fe747ad287e18dd3f559c13a245622b26d6af0ce40bf1856ca

Score

10^/10

raccoon f6d7183c9e82d2a9b81e6c0608450aa66cefb51f discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

2a5280746cfbb448730bf36a207edc89ce73564d95f156537798a87289622e3b.exe

Resource

win10v20210408

raccoon f6d7183c9e82d2a9b81e6c0608450aa66cefb51f discovery spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

f6d7183c9e82d2a9b81e6c0608450aa66cefb51f

Attributes

url4cnc
https://t.me/justoprostohello

rc4.plain

rc4.plain

Targets

- Target
  
  2a5280746cfbb448730bf36a207edc89ce73564d95f156537798a87289622e3b
- Size
  
  567KB
- MD5
  
  f88d18e8f84cf03d82b15bfc458eb0a2
- SHA1
  
  2330576f8abd3387d98336baeba0935ef41a8981
- SHA256
  
  2a5280746cfbb448730bf36a207edc89ce73564d95f156537798a87289622e3b
- SHA512
  
  eb83ca01dccc1462c0baba281420532c6ea845195f82fc9f16d8f5adefeeaeda164b96404b2377fe747ad287e18dd3f559c13a245622b26d6af0ce40bf1856ca
Score

10^/10

raccoon f6d7183c9e82d2a9b81e6c0608450aa66cefb51f discovery spyware stealer suricata
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
  suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
  suricata
- suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
  suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonf6d7183c9e82d2a9b81e6c0608450aa66cefb51fdiscoveryspywarestealersuricata

© 2018-2024

Terms | Privacy