raccoon | 89b3ed9d4b3daa09b18db0ee62d8c7b652f3101299a6fc9ca0245bb6a6ded9b9 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

89b3ed9d4b3daa09b18db0ee62d8c7b652f3101299a6fc9ca0245bb6a6ded9b9
Size

513KB
Sample

211002-n84tfaedgp
MD5

4d0f90fb39427a8bf7072403f5e0d746
SHA1

06186e6498b8120dd1f733e57231215e6f9945fe
SHA256

89b3ed9d4b3daa09b18db0ee62d8c7b652f3101299a6fc9ca0245bb6a6ded9b9
SHA512

5c759659a6199b81d59f86b69d3985329fe39d0dcf6b6a15eac721129f5d1e5bff8b4cb56eb9aee07213fb097956dc796aceb369c534b2807a8398c89806747b

Score

10^/10

raccoon 1ec902112b48b86eaf116e67218e531d05852427 collection discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

89b3ed9d4b3daa09b18db0ee62d8c7b652f3101299a6fc9ca0245bb6a6ded9b9.exe

Resource

win10v20210408

raccoon 1ec902112b48b86eaf116e67218e531d05852427 collection discovery spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Version

1.8.2

Botnet

1ec902112b48b86eaf116e67218e531d05852427

Attributes

url4cnc
http://teletop.top/papatikmikr0
http://teleta.top/papatikmikr0
https://t.me/papatikmikr0

rc4.plain

rc4.plain

Targets

- Target
  
  89b3ed9d4b3daa09b18db0ee62d8c7b652f3101299a6fc9ca0245bb6a6ded9b9
- Size
  
  513KB
- MD5
  
  4d0f90fb39427a8bf7072403f5e0d746
- SHA1
  
  06186e6498b8120dd1f733e57231215e6f9945fe
- SHA256
  
  89b3ed9d4b3daa09b18db0ee62d8c7b652f3101299a6fc9ca0245bb6a6ded9b9
- SHA512
  
  5c759659a6199b81d59f86b69d3985329fe39d0dcf6b6a15eac721129f5d1e5bff8b4cb56eb9aee07213fb097956dc796aceb369c534b2807a8398c89806747b
Score

10^/10

raccoon 1ec902112b48b86eaf116e67218e531d05852427 collection discovery spyware stealer suricata
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
  suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
  suricata
- suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
  suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
  suricata
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon1ec902112b48b86eaf116e67218e531d05852427collectiondiscoveryspywarestealersuricata

© 2018-2024

Terms | Privacy