raccoon | ce8eea9ecacd36ac26bfae5dacd690d09d3e86f5a916b6dc33425fc8ce7aa5fa | Triage

Submit
Reports

Overview

overview

Static

static

ce8eea9eca...fa.exe

windows7_x64

ce8eea9eca...fa.exe

windows10-2004_x64

Sharing

General

Target

ce8eea9ecacd36ac26bfae5dacd690d09d3e86f5a916b6dc33425fc8ce7aa5fa
Size

6.4MB
Sample

220309-b2k2jacae7
MD5

fa4b2cef44dffb47ee11beb3991419dc
SHA1

aaee397957317398979e4a1bf0a8306a9d2926bd
SHA256

ce8eea9ecacd36ac26bfae5dacd690d09d3e86f5a916b6dc33425fc8ce7aa5fa
SHA512

f4ce6f2a78c6af30cdbcb6dad983592af2ca3c209b55356d739c45cee850fcbb1f7de30a85384aa20524f5ef52ab464b7cef1c599a2fa9adc2fbdbda6ab354bc

Score

10^/10

raccoon 5eaa41b3101d5537f786a35da1878f0d1d760e53 discovery evasion stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ce8eea9ecacd36ac26bfae5dacd690d09d3e86f5a916b6dc33425fc8ce7aa5fa.exe

Resource

win7-en-20211208

raccoon 5eaa41b3101d5537f786a35da1878f0d1d760e53 discovery evasion stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ce8eea9ecacd36ac26bfae5dacd690d09d3e86f5a916b6dc33425fc8ce7aa5fa.exe

Resource

win10v2004-en-20220113

raccoon 5eaa41b3101d5537f786a35da1878f0d1d760e53 discovery evasion stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Version

1.7.1-hotfix

Botnet

5eaa41b3101d5537f786a35da1878f0d1d760e53

Attributes

url4cnc
https://telete.in/jbitchsucks

rc4.plain

rc4.plain

Targets

- Target
  
  ce8eea9ecacd36ac26bfae5dacd690d09d3e86f5a916b6dc33425fc8ce7aa5fa
- Size
  
  6.4MB
- MD5
  
  fa4b2cef44dffb47ee11beb3991419dc
- SHA1
  
  aaee397957317398979e4a1bf0a8306a9d2926bd
- SHA256
  
  ce8eea9ecacd36ac26bfae5dacd690d09d3e86f5a916b6dc33425fc8ce7aa5fa
- SHA512
  
  f4ce6f2a78c6af30cdbcb6dad983592af2ca3c209b55356d739c45cee850fcbb1f7de30a85384aa20524f5ef52ab464b7cef1c599a2fa9adc2fbdbda6ab354bc
Score

10^/10

raccoon 5eaa41b3101d5537f786a35da1878f0d1d760e53 discovery evasion stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon5eaa41b3101d5537f786a35da1878f0d1d760e53discoveryevasionstealertrojan

behavioral2

raccoon5eaa41b3101d5537f786a35da1878f0d1d760e53discoveryevasionstealertrojan

© 2018-2024

Terms | Privacy