raccoon | 71273ccf9881c6a687023fa1c40df85278346d3229307aee6cea6e7f6910925e | Triage

Submit
Reports

Overview

overview

Static

static

71273ccf98...5e.exe

windows7_x64

71273ccf98...5e.exe

windows10-2004_x64

Sharing

General

Target

71273ccf9881c6a687023fa1c40df85278346d3229307aee6cea6e7f6910925e
Size

23.9MB
Sample

220511-24va4acdc8
MD5

6ca4fb6e640d6da6066f5862cc79b09f
SHA1

b23f145e90da334b176b4f6a55e948f2cff48a77
SHA256

71273ccf9881c6a687023fa1c40df85278346d3229307aee6cea6e7f6910925e
SHA512

6d0578e4d44bc4652dddaa5c7a2bc4c02cc9d82832946824222a659898ac486d3dbaa8e25e979d258fd0e722a56e38b5279ef2b50227b73d1aa51a805a9f80eb

Score

10^/10

raccoon c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 evasion stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

71273ccf9881c6a687023fa1c40df85278346d3229307aee6cea6e7f6910925e.exe

Resource

win7-20220414-en

raccoon c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 evasion stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

71273ccf9881c6a687023fa1c40df85278346d3229307aee6cea6e7f6910925e.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

c763e433ef51ff4b6c545800e4ba3b3b1a2ea077

Attributes

url4cnc
https://telete.in/jbitchsucks

rc4.plain

rc4.plain

Targets

- Target
  
  71273ccf9881c6a687023fa1c40df85278346d3229307aee6cea6e7f6910925e
- Size
  
  23.9MB
- MD5
  
  6ca4fb6e640d6da6066f5862cc79b09f
- SHA1
  
  b23f145e90da334b176b4f6a55e948f2cff48a77
- SHA256
  
  71273ccf9881c6a687023fa1c40df85278346d3229307aee6cea6e7f6910925e
- SHA512
  
  6d0578e4d44bc4652dddaa5c7a2bc4c02cc9d82832946824222a659898ac486d3dbaa8e25e979d258fd0e722a56e38b5279ef2b50227b73d1aa51a805a9f80eb
Score

10^/10

raccoon c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 evasion stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonc763e433ef51ff4b6c545800e4ba3b3b1a2ea077evasionstealertrojan

behavioral2

© 2018-2024

Terms | Privacy