raccoon | 1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac | Triage

Submit
Reports

Overview

overview

Static

static

1dfdc5940e...ac.exe

windows7_x64

1dfdc5940e...ac.exe

windows10-2004_x64

Sharing

General

Target

1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac
Size

26.1MB
Sample

220511-3ajg6scfd8
MD5

0d90fb3791d8c81d57ba520d3cd50589
SHA1

2c758280791ec4ab5449c02fec4cdb59485faee4
SHA256

1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac
SHA512

09b36badc64a4415760b3deb4bea6121b0eb44905ecd6d4efe533989a1bac298deab72d46eba513c9b8a9abc77d628333b0bf1a8ce9391ff7acb26edbb650238

Score

10^/10

raccoon c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 evasion stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac.exe

Resource

win10v2004-20220414-en

raccoon c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 evasion stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

c763e433ef51ff4b6c545800e4ba3b3b1a2ea077

Attributes

url4cnc
https://telete.in/jbitchsucks

rc4.plain

rc4.plain

Targets

- Target
  
  1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac
- Size
  
  26.1MB
- MD5
  
  0d90fb3791d8c81d57ba520d3cd50589
- SHA1
  
  2c758280791ec4ab5449c02fec4cdb59485faee4
- SHA256
  
  1dfdc5940eceee2c157af18d3f89960186cbf21f4fac2506ec4e152cc09df1ac
- SHA512
  
  09b36badc64a4415760b3deb4bea6121b0eb44905ecd6d4efe533989a1bac298deab72d46eba513c9b8a9abc77d628333b0bf1a8ce9391ff7acb26edbb650238
Score

10^/10

evasion trojan raccoon c763e433ef51ff4b6c545800e4ba3b3b1a2ea077 stealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

raccoonc763e433ef51ff4b6c545800e4ba3b3b1a2ea077evasionstealertrojan

© 2018-2024

Terms | Privacy