112ab834c940929a9326af7e5b7d33649357d6e03c301db730519e00f2d40305

Tags

Signatures

• Modifies Windows Defender Real-time Protection settings

  Tags

  evasiontrojan

  TTPs

  Modify RegistryModify Existing ServiceDisabling Security Tools

• Modifies security service

  Tags

  evasion

  TTPs

  Modify RegistryModify Existing Service

• Raccoon

  Description

  Simple but powerful infostealer which was very active in 2019.

  Tags

  stealerraccoon

• Raccoon Stealer Payload

• Executes dropped EXE

• Checks computer location settings

  Description

  Looks up country code configured in the registry, likely geofence.

  TTPs

  Query RegistrySystem Information Discovery

• Loads dropped DLL

• Suspicious use of SetThreadContext

Related Tasks