raccoon | 0d462fa0fdc00ce5a692f1eeb5de988b9538986f73d12d0e782b4e6d1a6ee74c | Triage

Submit
Reports

Overview

overview

Static

static

0d462fa0fd...4c.exe

windows7_x64

0d462fa0fd...4c.exe

windows10-2004_x64

Sharing

General

Target

0d462fa0fdc00ce5a692f1eeb5de988b9538986f73d12d0e782b4e6d1a6ee74c
Size

11.9MB
Sample

220511-28yjbafccl
MD5

ae44cb5905231939a38e31a32f521ec0
SHA1

bf1b665e2f791b924d9015262c8d6e16b71cb548
SHA256

0d462fa0fdc00ce5a692f1eeb5de988b9538986f73d12d0e782b4e6d1a6ee74c
SHA512

34381d4fe7553e3325518bd85582f13d40db59f3bdecea18d1b2abea4b01816bcc325bfb693d0c5f9cb38786d000d4fa4938b56b968ab1fe614be7554dc82e3f

Score

10^/10

raccoon c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 evasion stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

0d462fa0fdc00ce5a692f1eeb5de988b9538986f73d12d0e782b4e6d1a6ee74c.exe

Resource

win7-20220414-en

raccoon c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 evasion stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0d462fa0fdc00ce5a692f1eeb5de988b9538986f73d12d0e782b4e6d1a6ee74c.exe

Resource

win10v2004-20220414-en

raccoon c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 evasion stealer trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

c763e433ef51ff4b6c545800e4ba3b3b1a2ea077

Attributes

url4cnc
https://telete.in/jbitchsucks

rc4.plain

rc4.plain

Targets

- Target
  
  0d462fa0fdc00ce5a692f1eeb5de988b9538986f73d12d0e782b4e6d1a6ee74c
- Size
  
  11.9MB
- MD5
  
  ae44cb5905231939a38e31a32f521ec0
- SHA1
  
  bf1b665e2f791b924d9015262c8d6e16b71cb548
- SHA256
  
  0d462fa0fdc00ce5a692f1eeb5de988b9538986f73d12d0e782b4e6d1a6ee74c
- SHA512
  
  34381d4fe7553e3325518bd85582f13d40db59f3bdecea18d1b2abea4b01816bcc325bfb693d0c5f9cb38786d000d4fa4938b56b968ab1fe614be7554dc82e3f
Score

10^/10

raccoon c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 evasion stealer trojan upx
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonc763e433ef51ff4b6c545800e4ba3b3b1a2ea077evasionstealertrojanupx

behavioral2

raccoonc763e433ef51ff4b6c545800e4ba3b3b1a2ea077evasionstealertrojanupx

© 2018-2024

Terms | Privacy