raccoon

General

Target

adcbede09da13c2aa1e14aa9bb91817c
Size

310KB
Sample

220715-dn5j5adacq
MD5

adcbede09da13c2aa1e14aa9bb91817c
SHA1

63645ff0957d234eaec0141922208c70181cd70a
SHA256

31a8918d1ea465e8130afd39e4ff6335692756ffde95a840aff0bc0a7565cdf2
SHA512

929d124db01e627293248ffa4c242c9e4c769242e1db4ff76b422b23cee7d5dafc9dceb77c63338884967a4fbdcb986d93a9444da3b96b6b87953aa9f8422402

Score

10^/10

Malware Config

Targets

- Target
  
  adcbede09da13c2aa1e14aa9bb91817c
- Size
  
  310KB
- MD5
  
  adcbede09da13c2aa1e14aa9bb91817c
- SHA1
  
  63645ff0957d234eaec0141922208c70181cd70a
- SHA256
  
  31a8918d1ea465e8130afd39e4ff6335692756ffde95a840aff0bc0a7565cdf2
- SHA512
  
  929d124db01e627293248ffa4c242c9e4c769242e1db4ff76b422b23cee7d5dafc9dceb77c63338884967a4fbdcb986d93a9444da3b96b6b87953aa9f8422402
Score

10^/10

raccoon discovery spyware stealer suricata themida
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2