c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8

Target

Size

512KB

Sample

211002-l7m37aecfj

Score

10 ^/10

MD5

de53e8d73fe96e1ceab93e3aee4751ec

SHA1

98e010e66213ba828ead9debe86263bca9407509

SHA256

c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8

SHA512

e2e692971b0fb5b1244b08e952045f6b342f968a2f5ba8f3d28b3e4cd0bf34af89c63a1923ca16991c43e6376cbab113b3c43d194dc8639ce8d04881bfdc95c5

Extracted

Family	raccoon
Version	1.8.2
Botnet	fd16367b73441d6f39c715f71a74a399a84f0b41
Attributes	url4cnc http://teletop.top/terra11nc http://teleta.top/terra11nc https://t.me/terra11nc
rc4.plain
rc4.plain

Target

c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8

MD5

de53e8d73fe96e1ceab93e3aee4751ec

Filesize

512KB

Score

10^/10

SHA1

98e010e66213ba828ead9debe86263bca9407509

SHA256

c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8

SHA512

e2e692971b0fb5b1244b08e952045f6b342f968a2f5ba8f3d28b3e4cd0bf34af89c63a1923ca16991c43e6376cbab113b3c43d194dc8639ce8d04881bfdc95c5

Signatures

Raccoon
Description

Simple but powerful infostealer which was very active in 2019.
Tags

stealer raccoon
suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
Description

suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
Tags

suricata
suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
Description

suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
Tags

suricata
Downloads MZ/PE file
Loads dropped DLL
Reads user/profile data of local email clients
Description

Email clients store some user data on disk where infostealers will often target it.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Accesses Microsoft Outlook accounts
Tags

collection

TTPs

Email Collection
Accesses Microsoft Outlook profiles
Tags

collection

TTPs

Email Collection
Checks installed software on the system
Description

Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags

discovery

TTPs

Query Registry

Related Tasks

behavioral1

Collection

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Discovery

Query Registry

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

raccoon fd16367b73441d6f39c715f71a74a399a84f0b41 collection discovery spyware stealer suricata

10^/10

Extracted

Tags

Signatures

Raccoon

Description

Tags

suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

Description

Tags

suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

Description

Tags

Downloads MZ/PE file

Loads dropped DLL

Reads user/profile data of local email clients

Description

Tags

TTPs

Reads user/profile data of web browsers

Description

Tags

TTPs

Accesses Microsoft Outlook accounts

Tags

TTPs

Accesses Microsoft Outlook profiles

Tags

TTPs

Checks installed software on the system

Description

Tags

TTPs

Related Tasks

static1

behavioral1