c83a43c9645f2716288130f311314b673e66e20084b432ce3b8ce8cdf39782c8

Tags

Signatures

• Modifies Windows Defender Real-time Protection settings

  Tags

  evasiontrojan

  TTPs

  Modify RegistryModify Existing ServiceDisabling Security Tools

• Modifies security service

  Tags

  evasion

  TTPs

  Modify RegistryModify Existing Service

• Raccoon

  Description

  Simple but powerful infostealer which was very active in 2019.

  Tags

  stealerraccoon

• Raccoon Stealer Payload

• Executes dropped EXE

• Checks computer location settings

  Description

  Looks up country code configured in the registry, likely geofence.

  TTPs

  Query RegistrySystem Information Discovery

• Loads dropped DLL

• Suspicious use of SetThreadContext

Related Tasks