raccoon | c83a43c9645f2716288130f311314b673e66e20084b432ce3b8ce8cdf39782c8 | Triage

Submit
Reports

Overview

overview

Static

static

c83a43c964...c8.exe

windows7_x64

c83a43c964...c8.exe

windows10-2004_x64

Sharing

General

Target

c83a43c9645f2716288130f311314b673e66e20084b432ce3b8ce8cdf39782c8
Size

23.9MB
Sample

220511-24r6qsfahm
MD5

5e09313befea3f8ef5567f724ada60fe
SHA1

48fab70a85e6da34fa0070163f7ea6ac16fc5d37
SHA256

c83a43c9645f2716288130f311314b673e66e20084b432ce3b8ce8cdf39782c8
SHA512

9df529de88a8b8c157f7deac7e3998cca8f0dabeebda58f6dbc6ca3c22970897a0b7a51fab3562462b65de8e7830b3437612ab6ae999b90607007d1ba0c20598

Score

10^/10

raccoon c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 evasion stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

c83a43c9645f2716288130f311314b673e66e20084b432ce3b8ce8cdf39782c8.exe

Resource

win7-20220414-en

raccoon c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 evasion stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c83a43c9645f2716288130f311314b673e66e20084b432ce3b8ce8cdf39782c8.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

c763e433ef51ff4b6c545800e4ba3b3b1a2ea077

Attributes

url4cnc
https://telete.in/jbitchsucks

rc4.plain

rc4.plain

Targets

- Target
  
  c83a43c9645f2716288130f311314b673e66e20084b432ce3b8ce8cdf39782c8
- Size
  
  23.9MB
- MD5
  
  5e09313befea3f8ef5567f724ada60fe
- SHA1
  
  48fab70a85e6da34fa0070163f7ea6ac16fc5d37
- SHA256
  
  c83a43c9645f2716288130f311314b673e66e20084b432ce3b8ce8cdf39782c8
- SHA512
  
  9df529de88a8b8c157f7deac7e3998cca8f0dabeebda58f6dbc6ca3c22970897a0b7a51fab3562462b65de8e7830b3437612ab6ae999b90607007d1ba0c20598
Score

10^/10

raccoon c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 evasion stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonc763e433ef51ff4b6c545800e4ba3b3b1a2ea077evasionstealertrojan

behavioral2

© 2018-2024

Terms | Privacy