raccoon | 808a1353be2e23a511c577b86ca5c2e37ee4a30d8b5abde669e7cc2f9d91d5e2 | Triage

Sharing

General

Target

dad9a8e22c210176ffb0402f1dc02444
Size

278KB
Sample

211118-hbsr1sbgcq
MD5

dad9a8e22c210176ffb0402f1dc02444
SHA1

5d6384435146967bf86c8f55b13a44998f7f51ce
SHA256

808a1353be2e23a511c577b86ca5c2e37ee4a30d8b5abde669e7cc2f9d91d5e2
SHA512

0e2b91204c241c6725780d76b795273eb02d995d4cad107b70aba03e3564f0f9808a1b54ca0d1caf2757bde24f12aa055b38c0cd81da1af109bde3c24e9a70f2

Score

10^/10

raccoon smokeloader 14b265e74e2847e8408db7ca21fe6fe2e9ab5767 backdoor collection stealer trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://rsuehfidvdkfvk.top/

rc4.i32

rc4.i32

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

14b265e74e2847e8408db7ca21fe6fe2e9ab5767

Attributes

url4cnc
http://91.219.236.162/masterdanteloma
http://185.163.47.176/masterdanteloma
http://193.38.54.238/masterdanteloma
http://74.119.192.122/masterdanteloma
http://91.219.236.240/masterdanteloma
https://t.me/masterdanteloma

rc4.plain

rc4.plain

Targets

- Target
  
  dad9a8e22c210176ffb0402f1dc02444
- Size
  
  278KB
- MD5
  
  dad9a8e22c210176ffb0402f1dc02444
- SHA1
  
  5d6384435146967bf86c8f55b13a44998f7f51ce
- SHA256
  
  808a1353be2e23a511c577b86ca5c2e37ee4a30d8b5abde669e7cc2f9d91d5e2
- SHA512
  
  0e2b91204c241c6725780d76b795273eb02d995d4cad107b70aba03e3564f0f9808a1b54ca0d1caf2757bde24f12aa055b38c0cd81da1af109bde3c24e9a70f2
Score

10^/10

raccoon smokeloader 14b265e74e2847e8408db7ca21fe6fe2e9ab5767 backdoor collection stealer trojan
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonsmokeloader14b265e74e2847e8408db7ca21fe6fe2e9ab5767backdoorcollectionstealertrojan

behavioral2

raccoonsmokeloader14b265e74e2847e8408db7ca21fe6fe2e9ab5767backdoorcollectionstealertrojan