raccoon | 36227451bca557ea1488a46b8642d1eebceeeaed14c34e96f216a56321bff60c | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10_x64

Sharing

General

Target

36227451bca557ea1488a46b8642d1eebceeeaed14c34e96f216a56321bff60c
Size

7.0MB
Sample

220115-3g67tafba5
MD5

e3ed9dadf89ab9d1cfd468ac0aff67a8
SHA1

e9bed57ce527549f5b3b4e2f54f8ba903acfd3e3
SHA256

36227451bca557ea1488a46b8642d1eebceeeaed14c34e96f216a56321bff60c
SHA512

8c6755caf28c0e82303f87124dc2fb402bd41017230df7e6d339834225c3bf97de59660c9dfd55896e2f6fafd4b20ea03a5000657e0c9805496b05d8ac3cab53

Score

10^/10

raccoon agilenet persistence pyinstaller stealer

Static task

static1

Behavioral task

behavioral1

Sample

36227451bca557ea1488a46b8642d1eebceeeaed14c34e96f216a56321bff60c.exe

Resource

win10-en-20211208

raccoon agilenet persistence stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Version

1.8.4-hotfixs

rc4.plain

Targets

- Target
  
  36227451bca557ea1488a46b8642d1eebceeeaed14c34e96f216a56321bff60c
- Size
  
  7.0MB
- MD5
  
  e3ed9dadf89ab9d1cfd468ac0aff67a8
- SHA1
  
  e9bed57ce527549f5b3b4e2f54f8ba903acfd3e3
- SHA256
  
  36227451bca557ea1488a46b8642d1eebceeeaed14c34e96f216a56321bff60c
- SHA512
  
  8c6755caf28c0e82303f87124dc2fb402bd41017230df7e6d339834225c3bf97de59660c9dfd55896e2f6fafd4b20ea03a5000657e0c9805496b05d8ac3cab53
Score

10^/10

raccoon agilenet persistence stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

raccoonagilenetpersistencestealer

© 2018-2024

Terms | Privacy