raccoon | 4715de346335933da6b30b66030d0c574bfe464f332c327424b861e401f30cb6 | Triage

Submit
Reports

Overview

overview

Static

static

5573d5eb50...fb.exe

windows7-x64

5573d5eb50...fb.exe

windows10-2004-x64

Sharing

General

Target

5573d5eb509dc3f68f674c95b3718dfb.exe
Size

7.0MB
Sample

220802-sa1rcahcdp
MD5

5573d5eb509dc3f68f674c95b3718dfb
SHA1

2d9e58b7c1f85355a50bb6fff7708be675d063c0
SHA256

4715de346335933da6b30b66030d0c574bfe464f332c327424b861e401f30cb6
SHA512

33df579b25a31aadd645e330196c973752362aa242df3bec56aec5528231440d034a1906f23d3a9fb8cc74c0f25b8e7a8fc38fce0f475c2c5cc4c9f13534b857

Score

10^/10

raccoon ytstealer b411699deaa52994b115ef42d0917fdd discovery spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

5573d5eb509dc3f68f674c95b3718dfb.exe

Resource

win7-20220715-en

raccoon ytstealer b411699deaa52994b115ef42d0917fdd discovery spyware stealer upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

5573d5eb509dc3f68f674c95b3718dfb.exe

Resource

win10v2004-20220721-en

raccoon b411699deaa52994b115ef42d0917fdd stealer

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

b411699deaa52994b115ef42d0917fdd

C2

http://91.234.254.126/

rc4.plain

Targets

- Target
  
  5573d5eb509dc3f68f674c95b3718dfb.exe
- Size
  
  7.0MB
- MD5
  
  5573d5eb509dc3f68f674c95b3718dfb
- SHA1
  
  2d9e58b7c1f85355a50bb6fff7708be675d063c0
- SHA256
  
  4715de346335933da6b30b66030d0c574bfe464f332c327424b861e401f30cb6
- SHA512
  
  33df579b25a31aadd645e330196c973752362aa242df3bec56aec5528231440d034a1906f23d3a9fb8cc74c0f25b8e7a8fc38fce0f475c2c5cc4c9f13534b857
Score

10^/10

raccoon ytstealer b411699deaa52994b115ef42d0917fdd discovery spyware stealer upx
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- YTStealer
  YTStealer is a malware designed to steal YouTube authentication cookies.
  stealer ytstealer
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoonytstealerb411699deaa52994b115ef42d0917fdddiscoveryspywarestealerupx

behavioral2

raccoonb411699deaa52994b115ef42d0917fddstealer

© 2018-2024

Terms | Privacy