raccoon | f45b444b6e8d66dc8d97e8ec397a4ffbf1545bef57d783ec906d2c7695b25ac5 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Resubmissions

06-10-2021 15:33

211006-szlnqabehj 10

04-10-2021 12:00

211004-n6asksgdal 10

Sharing

General

Target

f45b444b6e8d66dc8d97e8ec397a4ffbf1545bef57d783ec906d2c7695b25ac5
Size

539KB
Sample

211004-n6asksgdal
MD5

39334f7bcc79560e4cba9026fcae6151
SHA1

eb95a578bb947f52bdf0b779b90f605c5a3277d3
SHA256

f45b444b6e8d66dc8d97e8ec397a4ffbf1545bef57d783ec906d2c7695b25ac5
SHA512

c4fc970ec0e46207002cd1785c391fda1b1b6b1eb53ae1179f54df02d172dd75fb4269b00f1586bc164f90a419330b6f3f43fa19a25e64e8722a32db4ce5184e

Score

10^/10

raccoon e672747afc67feb221ca60f8fc9e03adcf10f038 collection discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

f45b444b6e8d66dc8d97e8ec397a4ffbf1545bef57d783ec906d2c7695b25ac5.exe

Resource

win10-en-20210920

raccoon e672747afc67feb221ca60f8fc9e03adcf10f038 collection discovery spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Version

1.8.2

Botnet

e672747afc67feb221ca60f8fc9e03adcf10f038

Attributes

url4cnc
http://teletop.top/youyouhell0world

http://teleta.top/youyouhell0world

https://t.me/youyouhell0world

rc4.plain

rc4.plain

Targets

- Target
  
  f45b444b6e8d66dc8d97e8ec397a4ffbf1545bef57d783ec906d2c7695b25ac5
- Size
  
  539KB
- MD5
  
  39334f7bcc79560e4cba9026fcae6151
- SHA1
  
  eb95a578bb947f52bdf0b779b90f605c5a3277d3
- SHA256
  
  f45b444b6e8d66dc8d97e8ec397a4ffbf1545bef57d783ec906d2c7695b25ac5
- SHA512
  
  c4fc970ec0e46207002cd1785c391fda1b1b6b1eb53ae1179f54df02d172dd75fb4269b00f1586bc164f90a419330b6f3f43fa19a25e64e8722a32db4ce5184e
Score

10^/10

raccoon e672747afc67feb221ca60f8fc9e03adcf10f038 collection discovery spyware stealer suricata
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
  suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)
  suricata
- suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
  suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt
  suricata
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoone672747afc67feb221ca60f8fc9e03adcf10f038collectiondiscoveryspywarestealersuricata

© 2018-2024

Terms | Privacy