raccoon | 244c09617954b56c76689d1af9478f5790a19a327dccf9c8d4856c2c6114b68d | Triage

Submit
Reports

Overview

overview

Static

static

244c096179...8d.exe

windows7_x64

244c096179...8d.exe

windows10-2004_x64

Sharing

General

Target

244c09617954b56c76689d1af9478f5790a19a327dccf9c8d4856c2c6114b68d
Size

6.1MB
Sample

220327-d4qe5scgb7
MD5

c859fb3bca9940a5768c6f30ddf7fc68
SHA1

2706e6c0db0b097d53e442f571d574152822e7a4
SHA256

244c09617954b56c76689d1af9478f5790a19a327dccf9c8d4856c2c6114b68d
SHA512

286a517137f9759d04d8b50b3ac685a59c29a83f3a1027ff6f3c586b9b06e20e104b7230a7ddfc25fc63ed92692a7b03d9a75a2cd5a859803300bafc9ed2cc48

Score

10^/10

raccoon 5eaa41b3101d5537f786a35da1878f0d1d760e53 discovery evasion stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

244c09617954b56c76689d1af9478f5790a19a327dccf9c8d4856c2c6114b68d.exe

Resource

win7-20220331-en

discovery evasion trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

244c09617954b56c76689d1af9478f5790a19a327dccf9c8d4856c2c6114b68d.exe

Resource

win10v2004-en-20220113

raccoon 5eaa41b3101d5537f786a35da1878f0d1d760e53 discovery evasion stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Version

1.7.1-hotfix

Botnet

5eaa41b3101d5537f786a35da1878f0d1d760e53

Attributes

url4cnc
https://telete.in/jbitchsucks

rc4.plain

rc4.plain

Targets

- Target
  
  244c09617954b56c76689d1af9478f5790a19a327dccf9c8d4856c2c6114b68d
- Size
  
  6.1MB
- MD5
  
  c859fb3bca9940a5768c6f30ddf7fc68
- SHA1
  
  2706e6c0db0b097d53e442f571d574152822e7a4
- SHA256
  
  244c09617954b56c76689d1af9478f5790a19a327dccf9c8d4856c2c6114b68d
- SHA512
  
  286a517137f9759d04d8b50b3ac685a59c29a83f3a1027ff6f3c586b9b06e20e104b7230a7ddfc25fc63ed92692a7b03d9a75a2cd5a859803300bafc9ed2cc48
Score

10^/10

discovery evasion trojan raccoon 5eaa41b3101d5537f786a35da1878f0d1d760e53 stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

raccoon5eaa41b3101d5537f786a35da1878f0d1d760e53discoveryevasionstealertrojan

© 2018-2024

Terms | Privacy