raccoon | 1fb3afe777f5c29faa4523ada76f579708e4177ad3b18c84891183c0288ac0aa | Triage

Submit
Reports

Overview

overview

Static

static

1fb3afe777...aa.exe

windows7_x64

1fb3afe777...aa.exe

windows10-2004_x64

Sharing

General

Target

1fb3afe777f5c29faa4523ada76f579708e4177ad3b18c84891183c0288ac0aa
Size

20.8MB
Sample

220427-rxgfjshdb7
MD5

97d32f85f7f0c3a67033bf439eb350ea
SHA1

d9dbfbb97cd4c4c93b044f454d83afc26e361ecd
SHA256

1fb3afe777f5c29faa4523ada76f579708e4177ad3b18c84891183c0288ac0aa
SHA512

f3fd99ce43edcb8e2fd818e0e445a9a3a232ec900f6820ab025099f1836a7136aa7640d5db897ace23bcb3241e6f1fad7f71104c55c1b17ddecea4b3a212d87b

Score

10^/10

raccoon 0422feff6c251ddfdca83125d9b8ae570db3b316 agilenet evasion stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

1fb3afe777f5c29faa4523ada76f579708e4177ad3b18c84891183c0288ac0aa.exe

Resource

win7-20220414-en

raccoon 0422feff6c251ddfdca83125d9b8ae570db3b316 agilenet evasion stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1fb3afe777f5c29faa4523ada76f579708e4177ad3b18c84891183c0288ac0aa.exe

Resource

win10v2004-20220414-en

raccoon 0422feff6c251ddfdca83125d9b8ae570db3b316 evasion stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Version

1.7.1-hotfix

Botnet

0422feff6c251ddfdca83125d9b8ae570db3b316

Attributes

url4cnc
https://telete.in/jbitchsucks

rc4.plain

rc4.plain

Targets

- Target
  
  1fb3afe777f5c29faa4523ada76f579708e4177ad3b18c84891183c0288ac0aa
- Size
  
  20.8MB
- MD5
  
  97d32f85f7f0c3a67033bf439eb350ea
- SHA1
  
  d9dbfbb97cd4c4c93b044f454d83afc26e361ecd
- SHA256
  
  1fb3afe777f5c29faa4523ada76f579708e4177ad3b18c84891183c0288ac0aa
- SHA512
  
  f3fd99ce43edcb8e2fd818e0e445a9a3a232ec900f6820ab025099f1836a7136aa7640d5db897ace23bcb3241e6f1fad7f71104c55c1b17ddecea4b3a212d87b
Score

10^/10

raccoon 0422feff6c251ddfdca83125d9b8ae570db3b316 agilenet evasion stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon0422feff6c251ddfdca83125d9b8ae570db3b316agilenetevasionstealertrojan

behavioral2

raccoon0422feff6c251ddfdca83125d9b8ae570db3b316evasionstealertrojan

© 2018-2024

Terms | Privacy