raccoon | 6e7e69cd1c9b24f6a36870ec5ae6c31c69022fb48d3fdf59bcda5c1528bc9c04 | Triage

Submit
Reports

Overview

overview

Static

static

7

dridex

windows10_x64

Sharing

General

Target

6e7e69cd1c9b24f6a36870ec5ae6c31c69022fb48d3fdf59bcda5c1528bc9c04
Size

4.1MB
Sample

220610-qc14sabdaq
MD5

361082e2534e6bf2faa27de1fd76492a
SHA1

5f2f00698de0a9f6f5b31bf495cf12597c510f7c
SHA256

6e7e69cd1c9b24f6a36870ec5ae6c31c69022fb48d3fdf59bcda5c1528bc9c04
SHA512

43b9ba0e2636f6f2ad726fe4d71b2e44e96e4ecf413c1f544bd245ba64f1cca7056372602b9bfd6f1f0174e05bcc2894cfbfdbf451e007d6d96e566d44a2d436

Score

10^/10

raccoon 5dbb6dd0ee6f4515b2788cf3204b96af evasion stealer themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

6e7e69cd1c9b24f6a36870ec5ae6c31c69022fb48d3fdf59bcda5c1528bc9c04.exe

Resource

win10-20220414-en

raccoon 5dbb6dd0ee6f4515b2788cf3204b96af evasion stealer themida trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

5dbb6dd0ee6f4515b2788cf3204b96af

C2

http://185.227.111.81/

rc4.plain

rc4.plain

Targets

- Target
  
  6e7e69cd1c9b24f6a36870ec5ae6c31c69022fb48d3fdf59bcda5c1528bc9c04
- Size
  
  4.1MB
- MD5
  
  361082e2534e6bf2faa27de1fd76492a
- SHA1
  
  5f2f00698de0a9f6f5b31bf495cf12597c510f7c
- SHA256
  
  6e7e69cd1c9b24f6a36870ec5ae6c31c69022fb48d3fdf59bcda5c1528bc9c04
- SHA512
  
  43b9ba0e2636f6f2ad726fe4d71b2e44e96e4ecf413c1f544bd245ba64f1cca7056372602b9bfd6f1f0174e05bcc2894cfbfdbf451e007d6d96e566d44a2d436
Score

10^/10

raccoon 5dbb6dd0ee6f4515b2788cf3204b96af evasion stealer themida trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon5dbb6dd0ee6f4515b2788cf3204b96afevasionstealerthemidatrojan

© 2018-2024

Terms | Privacy