raccoon | a3436309e3d4872d12524b2249934a65130e4771e97380de912f37d485c8d2e7 | Triage

Submit
Reports

Overview

overview

Static

static

a3436309e3...e7.exe

windows7_x64

a3436309e3...e7.exe

windows10-2004_x64

Sharing

General

Target

a3436309e3d4872d12524b2249934a65130e4771e97380de912f37d485c8d2e7
Size

24.1MB
Sample

220309-cxrh7afbgl
MD5

d6ecdc8b02968b28ba4a1822cb2c13d8
SHA1

97c70c98cc01b6a3aa9f145ce5316963a6630ddd
SHA256

a3436309e3d4872d12524b2249934a65130e4771e97380de912f37d485c8d2e7
SHA512

8c7b84c07ac74c84ecc1aa4f500ed9776c4d906728cde36e6d4b66398337057ed49324071095b4fb0cf1dc4d93fa011666dfc0f039a4ee5a7cad9994221f06fb

Score

10^/10

raccoon 5eaa41b3101d5537f786a35da1878f0d1d760e53 evasion stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

a3436309e3d4872d12524b2249934a65130e4771e97380de912f37d485c8d2e7.exe

Resource

win7-en-20211208

raccoon 5eaa41b3101d5537f786a35da1878f0d1d760e53 evasion stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a3436309e3d4872d12524b2249934a65130e4771e97380de912f37d485c8d2e7.exe

Resource

win10v2004-en-20220113

raccoon 5eaa41b3101d5537f786a35da1878f0d1d760e53 evasion stealer trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Version

1.7.1-hotfix

Botnet

5eaa41b3101d5537f786a35da1878f0d1d760e53

Attributes

url4cnc
https://telete.in/jbitchsucks

rc4.plain

rc4.plain

Targets

- Target
  
  a3436309e3d4872d12524b2249934a65130e4771e97380de912f37d485c8d2e7
- Size
  
  24.1MB
- MD5
  
  d6ecdc8b02968b28ba4a1822cb2c13d8
- SHA1
  
  97c70c98cc01b6a3aa9f145ce5316963a6630ddd
- SHA256
  
  a3436309e3d4872d12524b2249934a65130e4771e97380de912f37d485c8d2e7
- SHA512
  
  8c7b84c07ac74c84ecc1aa4f500ed9776c4d906728cde36e6d4b66398337057ed49324071095b4fb0cf1dc4d93fa011666dfc0f039a4ee5a7cad9994221f06fb
Score

10^/10

raccoon 5eaa41b3101d5537f786a35da1878f0d1d760e53 evasion stealer trojan upx
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon5eaa41b3101d5537f786a35da1878f0d1d760e53evasionstealertrojanupx

behavioral2

raccoon5eaa41b3101d5537f786a35da1878f0d1d760e53evasionstealertrojanupx

© 2018-2024

Terms | Privacy