raccoon | 52bd35dbb0a393f952096a135fc0d8bddf2892977e72a547f604d53433addfb5 | Triage

Submit
Reports

Overview

overview

Static

static

52bd35dbb0...b5.exe

windows7_x64

52bd35dbb0...b5.exe

windows10-2004_x64

Sharing

General

Target

52bd35dbb0a393f952096a135fc0d8bddf2892977e72a547f604d53433addfb5
Size

10.1MB
Sample

220516-xqr7csffam
MD5

889956cee776d41937c39e225d3e72b6
SHA1

cc8d22b6c453deb2ac2826610cb001b3dd0e9771
SHA256

52bd35dbb0a393f952096a135fc0d8bddf2892977e72a547f604d53433addfb5
SHA512

2fde4df02392114a2e2676963d05d2a40c748710de7e30dad3deb1083fa1e991c85ae49520d679905ae21eaaed7f0458f38454ce04ea1d6544576f0ca3934de4

Score

10^/10

raccoon 8fe810873f688849dc81def1a46e795c11d65cab evasion stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

52bd35dbb0a393f952096a135fc0d8bddf2892977e72a547f604d53433addfb5.exe

Resource

win7-20220414-en

raccoon 8fe810873f688849dc81def1a46e795c11d65cab evasion stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

52bd35dbb0a393f952096a135fc0d8bddf2892977e72a547f604d53433addfb5.exe

Resource

win10v2004-20220414-en

raccoon 8fe810873f688849dc81def1a46e795c11d65cab evasion stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

8fe810873f688849dc81def1a46e795c11d65cab

Attributes

url4cnc
https://telete.in/jredmankun

rc4.plain

rc4.plain

Targets

- Target
  
  52bd35dbb0a393f952096a135fc0d8bddf2892977e72a547f604d53433addfb5
- Size
  
  10.1MB
- MD5
  
  889956cee776d41937c39e225d3e72b6
- SHA1
  
  cc8d22b6c453deb2ac2826610cb001b3dd0e9771
- SHA256
  
  52bd35dbb0a393f952096a135fc0d8bddf2892977e72a547f604d53433addfb5
- SHA512
  
  2fde4df02392114a2e2676963d05d2a40c748710de7e30dad3deb1083fa1e991c85ae49520d679905ae21eaaed7f0458f38454ce04ea1d6544576f0ca3934de4
Score

10^/10

raccoon 8fe810873f688849dc81def1a46e795c11d65cab evasion stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Raccoon Stealer Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Install Root Certificate

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon8fe810873f688849dc81def1a46e795c11d65cabevasionstealertrojan

behavioral2

raccoon8fe810873f688849dc81def1a46e795c11d65cabevasionstealertrojan

© 2018-2024

Terms | Privacy