raccoon

General

Target

c792a79219ef722a7b0f45b0c59beea8
Size

545KB
Sample

211001-y5jzzadcdp
MD5

c792a79219ef722a7b0f45b0c59beea8
SHA1

8d06d36168c7147655b54ef43c525bf25916073c
SHA256

25f0da89dfe9a691b9cd1b684d152e51796e90dda51b7bf9a962abd1d7a9fcb1
SHA512

db167eea04ff78ed42c18c7de5810c1a4eeb6ce427c85cd2f8df14ea8d73e74980e5b0355b049782fa67aefd6d3a85440e006892a644a72cce662a5ed2b4eb19

Score

10^/10

Malware Config

Extracted

Family

raccoon

Version

1.8.2

Botnet

1ec902112b48b86eaf116e67218e531d05852427

Attributes

url4cnc
http://teletop.top/papatikmikr0

http://teleta.top/papatikmikr0

https://t.me/papatikmikr0

rc4.plain

Targets

- Target
  
  c792a79219ef722a7b0f45b0c59beea8
- Size
  
  545KB
- MD5
  
  c792a79219ef722a7b0f45b0c59beea8
- SHA1
  
  8d06d36168c7147655b54ef43c525bf25916073c
- SHA256
  
  25f0da89dfe9a691b9cd1b684d152e51796e90dda51b7bf9a962abd1d7a9fcb1
- SHA512
  
  db167eea04ff78ed42c18c7de5810c1a4eeb6ce427c85cd2f8df14ea8d73e74980e5b0355b049782fa67aefd6d3a85440e006892a644a72cce662a5ed2b4eb19
Score

10^/10

raccoon 1ec902112b48b86eaf116e67218e531d05852427 collection discovery spyware stealer suricata
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
  suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
  suricata
- suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
  suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
  suricata
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

Downloads MZ/PE file

Deletes itself

Loads dropped DLL

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2