raccoon | 388795474ae18c4081a0ecc729fa8ccdc11472e6d5c116201ae6b8115a672bfa | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

388795474ae18c4081a0ecc729fa8ccdc11472e6d5c116201ae6b8115a672bfa
Size

6.2MB
Sample

220828-txmnnschb7
MD5

1be314e1768d62086affbff540544abe
SHA1

936c3caa6dd2c5cab3629c63737106138522dc3e
SHA256

388795474ae18c4081a0ecc729fa8ccdc11472e6d5c116201ae6b8115a672bfa
SHA512

d1b659491c2f88f4c51e55c1b15701120cd00056d2088880af1138e35dd3b1955dd0e916a126d8a02616df8ee67b45ed9d64b522e56c1008fe8013e1400f8cc9
SSDEEP

98304:sruyIWhpz7PJU3hjsiBSIkMrzVXXU68V3etowGt4wXAsrUniSBOvGcFJKVY:IuyIW9UxjpDdEN3/DtLwdnLBOvGp+

Score

10^/10

raccoon ytstealer 3eb898957657df9f0625e29daa9c1704 discovery spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

388795474ae18c4081a0ecc729fa8ccdc11472e6d5c116201ae6b8115a672bfa.exe

Resource

win10-20220812-en

raccoon ytstealer 3eb898957657df9f0625e29daa9c1704 discovery spyware stealer upx

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

3eb898957657df9f0625e29daa9c1704

C2

http://89.185.85.53/

rc4.plain

Targets

- Target
  
  388795474ae18c4081a0ecc729fa8ccdc11472e6d5c116201ae6b8115a672bfa
- Size
  
  6.2MB
- MD5
  
  1be314e1768d62086affbff540544abe
- SHA1
  
  936c3caa6dd2c5cab3629c63737106138522dc3e
- SHA256
  
  388795474ae18c4081a0ecc729fa8ccdc11472e6d5c116201ae6b8115a672bfa
- SHA512
  
  d1b659491c2f88f4c51e55c1b15701120cd00056d2088880af1138e35dd3b1955dd0e916a126d8a02616df8ee67b45ed9d64b522e56c1008fe8013e1400f8cc9
- SSDEEP
  
  98304:sruyIWhpz7PJU3hjsiBSIkMrzVXXU68V3etowGt4wXAsrUniSBOvGcFJKVY:IuyIW9UxjpDdEN3/DtLwdnLBOvGp+
Score

10^/10

raccoon ytstealer 3eb898957657df9f0625e29daa9c1704 discovery spyware stealer upx
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- YTStealer
  YTStealer is a malware designed to steal YouTube authentication cookies.
  stealer ytstealer
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonytstealer3eb898957657df9f0625e29daa9c1704discoveryspywarestealerupx

© 2018-2024

Terms | Privacy