raccoon | 40daa898f98206806ad3ff78f63409d509922e0c482684cf4f180faac8cac273 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Resubmissions

18-06-2022 13:40

220618-qypymsbfg5 10

14-06-2022 08:19

220614-j72kgachcl 10

Sharing

General

Target

40daa898f98206806ad3ff78f63409d509922e0c482684cf4f180faac8cac273
Size

188KB
Sample

220614-j72kgachcl
MD5

05a000d526a6e95be2b08e650394fa40
SHA1

b4cf85691dcc7c6e2d709b292056d404e7fb58f0
SHA256

40daa898f98206806ad3ff78f63409d509922e0c482684cf4f180faac8cac273
SHA512

c8fb417b6991e9c35186058a06de58d89ba2b684b22b9203b63b730e58e864832c1ada7e4593fd20e77156e738b3585036b430631c34d3f795c0f696a334c677

Score

10^/10

raccoon 403f7b121a3afd9e8d27f945140b8a92 discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

40daa898f98206806ad3ff78f63409d509922e0c482684cf4f180faac8cac273.exe

Resource

win10-20220414-en

raccoon 403f7b121a3afd9e8d27f945140b8a92 discovery spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

403f7b121a3afd9e8d27f945140b8a92

C2

http://2.58.56.247

rc4.plain

rc4.plain

Targets

- Target
  
  40daa898f98206806ad3ff78f63409d509922e0c482684cf4f180faac8cac273
- Size
  
  188KB
- MD5
  
  05a000d526a6e95be2b08e650394fa40
- SHA1
  
  b4cf85691dcc7c6e2d709b292056d404e7fb58f0
- SHA256
  
  40daa898f98206806ad3ff78f63409d509922e0c482684cf4f180faac8cac273
- SHA512
  
  c8fb417b6991e9c35186058a06de58d89ba2b684b22b9203b63b730e58e864832c1ada7e4593fd20e77156e738b3585036b430631c34d3f795c0f696a334c677
Score

10^/10

raccoon 403f7b121a3afd9e8d27f945140b8a92 discovery spyware stealer suricata
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- suricata: ET MALWARE Generic Stealer Config Download Request
  suricata: ET MALWARE Generic Stealer Config Download Request
  suricata
- suricata: ET MALWARE Generic Stealer Sending System Information M1
  suricata: ET MALWARE Generic Stealer Sending System Information M1
  suricata
- suricata: ET MALWARE Generic Stealer Sending System Information M2
  suricata: ET MALWARE Generic Stealer Sending System Information M2
  suricata
- suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
  suricata: ET MALWARE Recordbreaker Stealer CnC Checkin
  suricata
- suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata: ET MALWARE Win32/RecordBreaker CnC Checkin
  suricata
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon403f7b121a3afd9e8d27f945140b8a92discoveryspywarestealersuricata

© 2018-2024

Terms | Privacy