raccoon | c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8
Size

512KB
Sample

211002-l7m37aecfj
MD5

de53e8d73fe96e1ceab93e3aee4751ec
SHA1

98e010e66213ba828ead9debe86263bca9407509
SHA256

c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8
SHA512

e2e692971b0fb5b1244b08e952045f6b342f968a2f5ba8f3d28b3e4cd0bf34af89c63a1923ca16991c43e6376cbab113b3c43d194dc8639ce8d04881bfdc95c5

Score

10^/10

raccoon fd16367b73441d6f39c715f71a74a399a84f0b41 collection discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8.exe

Resource

win10v20210408

raccoon fd16367b73441d6f39c715f71a74a399a84f0b41 collection discovery spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Version

1.8.2

Botnet

fd16367b73441d6f39c715f71a74a399a84f0b41

Attributes

url4cnc
http://teletop.top/terra11nc

http://teleta.top/terra11nc

https://t.me/terra11nc

rc4.plain

rc4.plain

Targets

- Target
  
  c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8
- Size
  
  512KB
- MD5
  
  de53e8d73fe96e1ceab93e3aee4751ec
- SHA1
  
  98e010e66213ba828ead9debe86263bca9407509
- SHA256
  
  c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8
- SHA512
  
  e2e692971b0fb5b1244b08e952045f6b342f968a2f5ba8f3d28b3e4cd0bf34af89c63a1923ca16991c43e6376cbab113b3c43d194dc8639ce8d04881bfdc95c5
Score

10^/10

raccoon fd16367b73441d6f39c715f71a74a399a84f0b41 collection discovery spyware stealer suricata
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
  suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
  suricata
- suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
  suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
  suricata
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoonfd16367b73441d6f39c715f71a74a399a84f0b41collectiondiscoveryspywarestealersuricata

© 2018-2024

Terms | Privacy