raccoon

General

Target

7812e73cb8301637b765cde96a7eb583e0b879fb2a18066ea4d01c132814f6f2
Size

7.5MB
Sample

220320-bh6h5adghr
MD5

880fb4689a9b08d4c3e7e2c432608949
SHA1

beecf5c8ff73c04a0ac94a47cab805876c7fbadf
SHA256

7812e73cb8301637b765cde96a7eb583e0b879fb2a18066ea4d01c132814f6f2
SHA512

8341a4320428f64795b3b2a4171e852a1e894dbf9999c3f43db40198e0ea6330226d9d6377efcf3cf6c18a1c3e7d922946707c7bfc8a92908db3dccd476f9bbf

Score

10^/10

Malware Config

Extracted

Family

raccoon

Version

1.7.1-hotfix

Botnet

5eaa41b3101d5537f786a35da1878f0d1d760e53

Attributes

url4cnc
https://telete.in/jbitchsucks

rc4.plain

Targets

- Target
  
  7812e73cb8301637b765cde96a7eb583e0b879fb2a18066ea4d01c132814f6f2
- Size
  
  7.5MB
- MD5
  
  880fb4689a9b08d4c3e7e2c432608949
- SHA1
  
  beecf5c8ff73c04a0ac94a47cab805876c7fbadf
- SHA256
  
  7812e73cb8301637b765cde96a7eb583e0b879fb2a18066ea4d01c132814f6f2
- SHA512
  
  8341a4320428f64795b3b2a4171e852a1e894dbf9999c3f43db40198e0ea6330226d9d6377efcf3cf6c18a1c3e7d922946707c7bfc8a92908db3dccd476f9bbf
Score

10^/10

discovery raccoon 5eaa41b3101d5537f786a35da1878f0d1d760e53 evasion stealer themida trojan
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

4

T1012

Virtualization/Sandbox Evasion

1

T1497

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Raccoon Stealer Payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Drops file in Drivers directory

Executes dropped EXE

Checks BIOS information in registry

Checks computer location settings

Loads dropped DLL

Themida packer

Checks installed software on the system

Checks whether UAC is enabled

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2