raccoon | f846dfd55ce0099ceda453646bbd75836d41eb0b5b9da30496ca42c831d18ab6 | Triage

Submit
Reports

Overview

overview

Static

static

894ad7da5f...e5.exe

windows7-x64

1

894ad7da5f...e5.exe

windows10-2004-x64

Sharing

General

Target

894ad7da5feb50234864a95e060d48e5.exe
Size

292KB
Sample

220719-w12ywagaa2
MD5

894ad7da5feb50234864a95e060d48e5
SHA1

e24835829fdd613c5833ff2bd7ea0447c8376a4a
SHA256

f846dfd55ce0099ceda453646bbd75836d41eb0b5b9da30496ca42c831d18ab6
SHA512

b34f90e33baefea5cc2c49bd25a89475d8f3d1a14c8c14ed6fc629d34dabc66ac822228e2cb1316a22f0ea2d45eacc5306ebff2e8e71a0b2bc76e3e274ce162a

Score

10^/10

raccoon vidar 1415 spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

894ad7da5feb50234864a95e060d48e5.exe

Resource

win7-20220718-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

894ad7da5feb50234864a95e060d48e5.exe

Resource

win10v2004-20220718-en

raccoon vidar 1415 spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

53.2

Botnet

1415

C2

https://t.me/tgch_hijuly

https://c.im/@olegf9844h

Attributes

profile_id
1415

Targets

- Target
  
  894ad7da5feb50234864a95e060d48e5.exe
- Size
  
  292KB
- MD5
  
  894ad7da5feb50234864a95e060d48e5
- SHA1
  
  e24835829fdd613c5833ff2bd7ea0447c8376a4a
- SHA256
  
  f846dfd55ce0099ceda453646bbd75836d41eb0b5b9da30496ca42c831d18ab6
- SHA512
  
  b34f90e33baefea5cc2c49bd25a89475d8f3d1a14c8c14ed6fc629d34dabc66ac822228e2cb1316a22f0ea2d45eacc5306ebff2e8e71a0b2bc76e3e274ce162a
Score

10^/10

raccoon vidar 1415 spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

raccoonvidar1415spywarestealer

© 2018-2024

Terms | Privacy