raccoon | a3de2c0a2b07bec06bbc0234f52b1f0eca2a8e2b2894c8aa799272d96ac93ca0 | Triage

Submit
Reports

Overview

overview

Static

static

a3de2c0a2b...a0.exe

windows7_x64

a3de2c0a2b...a0.exe

windows10-2004_x64

Sharing

General

Target

a3de2c0a2b07bec06bbc0234f52b1f0eca2a8e2b2894c8aa799272d96ac93ca0
Size

21.3MB
Sample

220419-cst4hsbdb5
MD5

a2c4b05a18fae87bf93ee0952e4dd87e
SHA1

a797967d964d4af37624a8f4140338cee59f0b04
SHA256

a3de2c0a2b07bec06bbc0234f52b1f0eca2a8e2b2894c8aa799272d96ac93ca0
SHA512

66743faa10b11e4964592b9bd1cd065f92da649caec5ad9b895a9227db55bb6ba7dcebe2f01359d46816a2542fa4bf58aa24c6fa75648c9b6e05d9a765b0c119

Score

10^/10

raccoon 0422feff6c251ddfdca83125d9b8ae570db3b316 evasion stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

a3de2c0a2b07bec06bbc0234f52b1f0eca2a8e2b2894c8aa799272d96ac93ca0.exe

Resource

win7-20220414-en

raccoon 0422feff6c251ddfdca83125d9b8ae570db3b316 evasion stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a3de2c0a2b07bec06bbc0234f52b1f0eca2a8e2b2894c8aa799272d96ac93ca0.exe

Resource

win10v2004-20220414-en

raccoon 0422feff6c251ddfdca83125d9b8ae570db3b316 evasion stealer trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Version

1.7.1-hotfix

Botnet

0422feff6c251ddfdca83125d9b8ae570db3b316

Attributes

url4cnc
https://telete.in/jbitchsucks

rc4.plain

rc4.plain

Targets

- Target
  
  a3de2c0a2b07bec06bbc0234f52b1f0eca2a8e2b2894c8aa799272d96ac93ca0
- Size
  
  21.3MB
- MD5
  
  a2c4b05a18fae87bf93ee0952e4dd87e
- SHA1
  
  a797967d964d4af37624a8f4140338cee59f0b04
- SHA256
  
  a3de2c0a2b07bec06bbc0234f52b1f0eca2a8e2b2894c8aa799272d96ac93ca0
- SHA512
  
  66743faa10b11e4964592b9bd1cd065f92da649caec5ad9b895a9227db55bb6ba7dcebe2f01359d46816a2542fa4bf58aa24c6fa75648c9b6e05d9a765b0c119
Score

10^/10

raccoon 0422feff6c251ddfdca83125d9b8ae570db3b316 evasion stealer trojan upx
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon0422feff6c251ddfdca83125d9b8ae570db3b316evasionstealertrojanupx

behavioral2

raccoon0422feff6c251ddfdca83125d9b8ae570db3b316evasionstealertrojanupx

© 2018-2024

Terms | Privacy