raccoon | 16add217626ff23aed9e35d98358a3b67485f3ea1fef7b895c9c86dfe394127b | Triage

Submit
Reports

Overview

overview

Static

static

16add21762...7b.exe

windows7_x64

16add21762...7b.exe

windows10-2004_x64

Sharing

General

Target

16add217626ff23aed9e35d98358a3b67485f3ea1fef7b895c9c86dfe394127b
Size

21.1MB
Sample

220511-24xffscdc9
MD5

d8d732922c11a5f9ae7abf4580ce58af
SHA1

55f3b06b60c561a928d956bea991a4409eb50d8e
SHA256

16add217626ff23aed9e35d98358a3b67485f3ea1fef7b895c9c86dfe394127b
SHA512

2a58bef05f60c2cfc240be229a3b4abe8a1d01c3fa8361ca9ab9a58c343632efa44eccb8f9bd7657976e3d891bd52ad9f6972bd5e21897f8e153c9b3522d9e0e

Score

10^/10

raccoon c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 evasion stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

16add217626ff23aed9e35d98358a3b67485f3ea1fef7b895c9c86dfe394127b.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

16add217626ff23aed9e35d98358a3b67485f3ea1fef7b895c9c86dfe394127b.exe

Resource

win10v2004-20220414-en

raccoon c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 evasion stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

c763e433ef51ff4b6c545800e4ba3b3b1a2ea077

Attributes

url4cnc
https://telete.in/jbitchsucks

rc4.plain

rc4.plain

Targets

- Target
  
  16add217626ff23aed9e35d98358a3b67485f3ea1fef7b895c9c86dfe394127b
- Size
  
  21.1MB
- MD5
  
  d8d732922c11a5f9ae7abf4580ce58af
- SHA1
  
  55f3b06b60c561a928d956bea991a4409eb50d8e
- SHA256
  
  16add217626ff23aed9e35d98358a3b67485f3ea1fef7b895c9c86dfe394127b
- SHA512
  
  2a58bef05f60c2cfc240be229a3b4abe8a1d01c3fa8361ca9ab9a58c343632efa44eccb8f9bd7657976e3d891bd52ad9f6972bd5e21897f8e153c9b3522d9e0e
Score

10^/10

evasion trojan raccoon c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

raccoonc763e433ef51ff4b6c545800e4ba3b3b1a2ea077evasionstealertrojan

© 2018-2024

Terms | Privacy