raccoon | ba289861d345f9e5f529cd6a1e59b32e48824137237d1f98cb95c9a28e53a2b3 | Triage

Submit
Reports

Overview

overview

Static

static

ba289861d3...b3.exe

windows7_x64

ba289861d3...b3.exe

windows10-2004_x64

Sharing

General

Target

ba289861d345f9e5f529cd6a1e59b32e48824137237d1f98cb95c9a28e53a2b3
Size

23.2MB
Sample

220419-cta22afgem
MD5

c10573770859062893e7a2baec3c2a32
SHA1

bbe7f6c5d1dbba6a46d55f16f81734f9518b8f92
SHA256

ba289861d345f9e5f529cd6a1e59b32e48824137237d1f98cb95c9a28e53a2b3
SHA512

7087ffa1ebaa3e79111ed88c08866fddd99222237719d798759881f6417acbea12ddcee63b2f6018f25c82a71e94d47a8e7d04b7c382e708d507659f1ed3255f

Score

10^/10

raccoon 0422feff6c251ddfdca83125d9b8ae570db3b316 evasion stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

ba289861d345f9e5f529cd6a1e59b32e48824137237d1f98cb95c9a28e53a2b3.exe

Resource

win7-20220414-en

raccoon 0422feff6c251ddfdca83125d9b8ae570db3b316 evasion stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ba289861d345f9e5f529cd6a1e59b32e48824137237d1f98cb95c9a28e53a2b3.exe

Resource

win10v2004-20220414-en

raccoon 0422feff6c251ddfdca83125d9b8ae570db3b316 evasion stealer trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Version

1.7.1-hotfix

Botnet

0422feff6c251ddfdca83125d9b8ae570db3b316

Attributes

url4cnc
https://telete.in/jbitchsucks

rc4.plain

rc4.plain

Targets

- Target
  
  ba289861d345f9e5f529cd6a1e59b32e48824137237d1f98cb95c9a28e53a2b3
- Size
  
  23.2MB
- MD5
  
  c10573770859062893e7a2baec3c2a32
- SHA1
  
  bbe7f6c5d1dbba6a46d55f16f81734f9518b8f92
- SHA256
  
  ba289861d345f9e5f529cd6a1e59b32e48824137237d1f98cb95c9a28e53a2b3
- SHA512
  
  7087ffa1ebaa3e79111ed88c08866fddd99222237719d798759881f6417acbea12ddcee63b2f6018f25c82a71e94d47a8e7d04b7c382e708d507659f1ed3255f
Score

10^/10

raccoon 0422feff6c251ddfdca83125d9b8ae570db3b316 evasion stealer trojan upx
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon0422feff6c251ddfdca83125d9b8ae570db3b316evasionstealertrojanupx

behavioral2

raccoon0422feff6c251ddfdca83125d9b8ae570db3b316evasionstealertrojanupx

© 2018-2024

Terms | Privacy