raccoon | ef825a80323d1b7174699bbd9e53b72edf39991bd358b33ec774242e8c6b0f36 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

ef825a80323d1b7174699bbd9e53b72edf39991bd358b33ec774242e8c6b0f36
Size

1.2MB
Sample

220805-mcrnkabbaq
MD5

7c890947ac6e9282321d6fac703b1838
SHA1

5b1ee7ffec670b7bafb2e93cb1dd5ab6208b7394
SHA256

ef825a80323d1b7174699bbd9e53b72edf39991bd358b33ec774242e8c6b0f36
SHA512

36d0a32b8ece6607543ba61383c8bc588f7aca3649389024c1326d48b98d7a162a20b1ca4d45581745cf69de1329ee8d585edeec091cda6894cb46353a623543

Score

10^/10

raccoon redline 4 @tag12312341 f0c8034c83808635df0d9d8726d1bfd6 nam3 discovery infostealer persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ef825a80323d1b7174699bbd9e53b72edf39991bd358b33ec774242e8c6b0f36.exe

Resource

win10v2004-20220721-en

raccoon redline 4 @tag12312341 f0c8034c83808635df0d9d8726d1bfd6 nam3 discovery infostealer persistence spyware stealer

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

nam3

C2

103.89.90.61:18728

Attributes

auth_value
64b900120bbceaa6a9c60e9079492895

Extracted

Family

redline

Botnet

4

C2

31.41.244.134:11643

Attributes

auth_value
a516b2d034ecd34338f12b50347fbd92

Extracted

Family

redline

Botnet

@tag12312341

C2

62.204.41.144:14096

Attributes

auth_value
71466795417275fac01979e57016e277

Extracted

Family

raccoon

Botnet

f0c8034c83808635df0d9d8726d1bfd6

C2

http://45.95.11.158/

rc4.plain

Targets

- Target
  
  ef825a80323d1b7174699bbd9e53b72edf39991bd358b33ec774242e8c6b0f36
- Size
  
  1.2MB
- MD5
  
  7c890947ac6e9282321d6fac703b1838
- SHA1
  
  5b1ee7ffec670b7bafb2e93cb1dd5ab6208b7394
- SHA256
  
  ef825a80323d1b7174699bbd9e53b72edf39991bd358b33ec774242e8c6b0f36
- SHA512
  
  36d0a32b8ece6607543ba61383c8bc588f7aca3649389024c1326d48b98d7a162a20b1ca4d45581745cf69de1329ee8d585edeec091cda6894cb46353a623543
Score

10^/10

raccoon redline 4 @tag12312341 f0c8034c83808635df0d9d8726d1bfd6 nam3 discovery infostealer persistence spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

raccoonredline4@tag12312341f0c8034c83808635df0d9d8726d1bfd6nam3discoveryinfostealerpersistencespywarestealer

© 2018-2024

Terms | Privacy