raccoon | 5989b781d8ad5f8de91ba8c422775beca32e65f2c26f8b984bc32000fe0e1f14 | Triage

Submit
Reports

Overview

overview

Static

static

Adobe Phot...ch.exe

windows7-x64

Adobe Phot...ch.exe

windows10-2004-x64

Sharing

General

Target

Adobe Photoshop.zip
Size

80.0MB
Sample

220731-yk13rafaal
MD5

3b923500309cc068c36e53658d44a5b7
SHA1

a6c484b2580f336891a7f17143d344db1e70121c
SHA256

5989b781d8ad5f8de91ba8c422775beca32e65f2c26f8b984bc32000fe0e1f14
SHA512

8acd10d7c4c333781bb62979c1d048d1e2463792661d9f09f4d7d5e9a2b971de34b5f9bc6adcd9f72067842962d69223040b37a7429ef060e1ba42f129644a12

Score

10^/10

raccoon 8f4e4706e9b4e3a904862901d32e2123 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Adobe Photoshop/launch.exe

Resource

win7-20220718-en

raccoon 8f4e4706e9b4e3a904862901d32e2123 stealer

windows7-x64

4 signatures

300 seconds

Behavioral task

behavioral2

Sample

Adobe Photoshop/launch.exe

Resource

win10v2004-20220721-en

raccoon 8f4e4706e9b4e3a904862901d32e2123 discovery spyware stealer

windows10-2004-x64

10 signatures

300 seconds

Malware Config

Extracted

Family

raccoon

Botnet

8f4e4706e9b4e3a904862901d32e2123

C2

http://78.159.97.21/

rc4.plain

Targets

- Target
  
  Adobe Photoshop/launch.exe
- Size
  
  726.9MB
- MD5
  
  82b2e51d00cd2772192c2b95d3f2397a
- SHA1
  
  9a2016129ff3705578b1515081afe70fdc773b05
- SHA256
  
  3315a41edc891859ff09a80ad17011408aef7456fd3f75619dccb180c69e54ba
- SHA512
  
  6575a1b4d43737e5d3e837d993387e0a64afca9a022d2c1db11a024f5b74405273a11e5ef408520827f983dd930516c9c2ae7cbbd84057321cd3a6cbd02a5872
Score

10^/10

raccoon 8f4e4706e9b4e3a904862901d32e2123 stealer discovery spyware
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon8f4e4706e9b4e3a904862901d32e2123stealer

behavioral2

raccoon8f4e4706e9b4e3a904862901d32e2123discoveryspywarestealer

© 2018-2024

Terms | Privacy