raccoon | 9c31cbdfa968ba3596b2def16918deef63b0c91fcef4999b8b8c6b44ead8e198 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

9c31cbdfa968ba3596b2def16918deef63b0c91fcef4999b8b8c6b44ead8e198
Size

340KB
Sample

220802-l44lrsdfe2
MD5

e83348ed800e307732d6a674ffec8a90
SHA1

9de9d2ea7512f3c76687b2d7c6ec695af477b538
SHA256

9c31cbdfa968ba3596b2def16918deef63b0c91fcef4999b8b8c6b44ead8e198
SHA512

18bb3f93e5586001f43d673df5c13df061e7fc68b6593c10e1db70c95c18072db4951ef68b2c461c3a60791ce77024117ee461c1a7e15a1a1c57446d4d4371e4

Score

10^/10

raccoon 125a9422607402ad773f580d72e3170b stealer vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

9c31cbdfa968ba3596b2def16918deef63b0c91fcef4999b8b8c6b44ead8e198.exe

Resource

win10v2004-20220721-en

raccoon 125a9422607402ad773f580d72e3170b stealer vmprotect

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

125a9422607402ad773f580d72e3170b

C2

http://91.242.229.142/

rc4.plain

Targets

- Target
  
  9c31cbdfa968ba3596b2def16918deef63b0c91fcef4999b8b8c6b44ead8e198
- Size
  
  340KB
- MD5
  
  e83348ed800e307732d6a674ffec8a90
- SHA1
  
  9de9d2ea7512f3c76687b2d7c6ec695af477b538
- SHA256
  
  9c31cbdfa968ba3596b2def16918deef63b0c91fcef4999b8b8c6b44ead8e198
- SHA512
  
  18bb3f93e5586001f43d673df5c13df061e7fc68b6593c10e1db70c95c18072db4951ef68b2c461c3a60791ce77024117ee461c1a7e15a1a1c57446d4d4371e4
Score

10^/10

raccoon 125a9422607402ad773f580d72e3170b stealer vmprotect
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon125a9422607402ad773f580d72e3170bstealervmprotect

© 2018-2024

Terms | Privacy