raccoon | 67ad7348d5bfbb13a98697962b46a7a833137b636b49c6eac2829c2d425e9dfa | Triage

Submit
Reports

Overview

overview

Static

static

67ad7348d5...9c.exe

windows7_x64

67ad7348d5...9c.exe

windows10_x64

Sharing

General

Target

67ad7348d5bfbb13a98697962b46a7a833137b636b49c.exe
Size

589KB
Sample

211119-trdhtadha5
MD5

a2c3826863109c3b1e9abff4fcb7408b
SHA1

adc6597ab649cad70333ae15a8b5186b5da360a0
SHA256

67ad7348d5bfbb13a98697962b46a7a833137b636b49c6eac2829c2d425e9dfa
SHA512

58710d5c5b7a1a327ea5ee75510eee68df561b925094957e5b664e1077abd31c82e9801f94c0247b40b5e035e5ec4cf807498bef1aba3e8d37c707b53c9fee36

Score

10^/10

raccoon redline 34b5c357572382155552cb40207e952f9f95264b xxluchxx1 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

67ad7348d5bfbb13a98697962b46a7a833137b636b49c.exe

Resource

win7-en-20211014

redline discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

67ad7348d5bfbb13a98697962b46a7a833137b636b49c.exe

Resource

win10-en-20211104

raccoon redline 34b5c357572382155552cb40207e952f9f95264b xxluchxx1 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

C2

jaromawanave.xyz:80

Extracted

Family

redline

Botnet

xxluchxx1

C2

212.86.102.63:62907

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

34b5c357572382155552cb40207e952f9f95264b

Attributes

url4cnc
http://91.219.236.162/baldandbankrupt1
http://185.163.47.176/baldandbankrupt1
http://193.38.54.238/baldandbankrupt1
http://74.119.192.122/baldandbankrupt1
http://91.219.236.240/baldandbankrupt1
https://t.me/baldandbankrupt1

rc4.plain

rc4.plain

Targets

- Target
  
  67ad7348d5bfbb13a98697962b46a7a833137b636b49c.exe
- Size
  
  589KB
- MD5
  
  a2c3826863109c3b1e9abff4fcb7408b
- SHA1
  
  adc6597ab649cad70333ae15a8b5186b5da360a0
- SHA256
  
  67ad7348d5bfbb13a98697962b46a7a833137b636b49c6eac2829c2d425e9dfa
- SHA512
  
  58710d5c5b7a1a327ea5ee75510eee68df561b925094957e5b664e1077abd31c82e9801f94c0247b40b5e035e5ec4cf807498bef1aba3e8d37c707b53c9fee36
Score

10^/10

redline discovery infostealer spyware stealer raccoon 34b5c357572382155552cb40207e952f9f95264b xxluchxx1
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywarestealer

behavioral2

raccoonredline34b5c357572382155552cb40207e952f9f95264bxxluchxx1discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy