raccoon | 6f4e7b117124a1b5a27dfd9a7a3e03b46e84000a992e1029f0cfb62bb77fc3f3 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

6f4e7b117124a1b5a27dfd9a7a3e03b46e84000a992e1029f0cfb62bb77fc3f3
Size

5.5MB
Sample

220607-q6n2bafah4
MD5

813b7d858ed4cc0527926a99aaa45937
SHA1

a0f439b3832bb5cf6ea509cda69d4c1f7a20b9f0
SHA256

6f4e7b117124a1b5a27dfd9a7a3e03b46e84000a992e1029f0cfb62bb77fc3f3
SHA512

29e70ead8d4f42bb5913371e2eaaecd1df466f9b6d89d80c0ecba93beeea76bf97054fe7f6354e8ae905f91697ec5ce509e707ea7eed7e708eac56f6bd91817f

Score

10^/10

raccoon 2e76ef3db69c0aaf1af8319ea2bd6e91 evasion stealer suricata themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

6f4e7b117124a1b5a27dfd9a7a3e03b46e84000a992e1029f0cfb62bb77fc3f3.exe

Resource

win10v2004-20220414-en

raccoon 2e76ef3db69c0aaf1af8319ea2bd6e91 evasion stealer suricata themida trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

2e76ef3db69c0aaf1af8319ea2bd6e91

C2

http://185.106.94.148/

rc4.plain

rc4.plain

Targets

- Target
  
  6f4e7b117124a1b5a27dfd9a7a3e03b46e84000a992e1029f0cfb62bb77fc3f3
- Size
  
  5.5MB
- MD5
  
  813b7d858ed4cc0527926a99aaa45937
- SHA1
  
  a0f439b3832bb5cf6ea509cda69d4c1f7a20b9f0
- SHA256
  
  6f4e7b117124a1b5a27dfd9a7a3e03b46e84000a992e1029f0cfb62bb77fc3f3
- SHA512
  
  29e70ead8d4f42bb5913371e2eaaecd1df466f9b6d89d80c0ecba93beeea76bf97054fe7f6354e8ae905f91697ec5ce509e707ea7eed7e708eac56f6bd91817f
Score

10^/10

raccoon 2e76ef3db69c0aaf1af8319ea2bd6e91 evasion stealer suricata themida trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- suricata: ET MALWARE Generic Stealer Config Download Request
  suricata: ET MALWARE Generic Stealer Config Download Request
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon2e76ef3db69c0aaf1af8319ea2bd6e91evasionstealersuricatathemidatrojan

© 2018-2024

Terms | Privacy