raccoon | 451b570a7464fabe22a1e96f448f43915bd9bb391ebfe1678968e8e35d6d29bf | Triage

Submit
Reports

Overview

overview

Static

static

5f1186983c...64.exe

windows7_x64

5f1186983c...64.exe

windows10_x64

Sharing

General

Target

5f1186983c5d905824f4fcf56d1c7b64
Size

406KB
Sample

211120-rgprzsfhg2
MD5

5f1186983c5d905824f4fcf56d1c7b64
SHA1

9182a08a44dc552a2938b69844e12fc0d7361cbc
SHA256

451b570a7464fabe22a1e96f448f43915bd9bb391ebfe1678968e8e35d6d29bf
SHA512

f68a948a352863916d550e3581a81bc1092c8ff0b5b4882fd72496f616d8feec42e65f13429f8f4ab02f7143accaab9e770110d002857642fa1dcbf24f47594d

Score

10^/10

raccoon redline 34b5c357572382155552cb40207e952f9f95264b xxluchxx1 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

5f1186983c5d905824f4fcf56d1c7b64.exe

Resource

win7-en-20211104

redline discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5f1186983c5d905824f4fcf56d1c7b64.exe

Resource

win10-en-20211104

raccoon redline 34b5c357572382155552cb40207e952f9f95264b xxluchxx1 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

C2

194.58.69.100:37026

Extracted

Family

redline

Botnet

xxluchxx1

C2

212.86.102.63:62907

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

34b5c357572382155552cb40207e952f9f95264b

Attributes

url4cnc
http://91.219.236.162/baldandbankrupt1
http://185.163.47.176/baldandbankrupt1
http://193.38.54.238/baldandbankrupt1
http://74.119.192.122/baldandbankrupt1
http://91.219.236.240/baldandbankrupt1
https://t.me/baldandbankrupt1

rc4.plain

rc4.plain

Targets

- Target
  
  5f1186983c5d905824f4fcf56d1c7b64
- Size
  
  406KB
- MD5
  
  5f1186983c5d905824f4fcf56d1c7b64
- SHA1
  
  9182a08a44dc552a2938b69844e12fc0d7361cbc
- SHA256
  
  451b570a7464fabe22a1e96f448f43915bd9bb391ebfe1678968e8e35d6d29bf
- SHA512
  
  f68a948a352863916d550e3581a81bc1092c8ff0b5b4882fd72496f616d8feec42e65f13429f8f4ab02f7143accaab9e770110d002857642fa1dcbf24f47594d
Score

10^/10

redline discovery infostealer spyware stealer raccoon 34b5c357572382155552cb40207e952f9f95264b xxluchxx1
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywarestealer

behavioral2

raccoonredline34b5c357572382155552cb40207e952f9f95264bxxluchxx1discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy