raccoon | be4ed5a51f14038fe8da76e0acd84d1844788f27aa6ea6fc38a5d66b3b17637f | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

446KB
Sample

220905-qex5xacbe2
MD5

a6ccb957adc86a54f408e8078ca063eb
SHA1

fc9074a7067530ceb86f54eee5391a812b33fb6e
SHA256

be4ed5a51f14038fe8da76e0acd84d1844788f27aa6ea6fc38a5d66b3b17637f
SHA512

6cbeb1f43e037dedf278860533df7cc0bf05ec97d7091d60e36d96b71d9e2c4bb00729f496147822d304ea5bca4d7bc3b20658ae43314dc618775f97cadcacf8
SSDEEP

6144:rHivxtmw0lNbouFhjYnnQ9KPAN7cHlsfxPop9/M+AQWhMv934IwrTPGFP:rnbRFhkQ9Ki7cSFa97aM134hOP

Score

10^/10

raccoon redline 77602e57d19524a205ffcb84db4a013b infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220812-en

raccoon redline 77602e57d19524a205ffcb84db4a013b infostealer spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

raccoon redline 77602e57d19524a205ffcb84db4a013b infostealer spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

77602e57d19524a205ffcb84db4a013b

C2

http://93.185.166.43/

rc4.plain

Extracted

Family

redline

C2

78.24.216.5:42717

Attributes

auth_value
6687e352a0604d495c3851d248ebf06f

Targets

- Target
  
  file.exe
- Size
  
  446KB
- MD5
  
  a6ccb957adc86a54f408e8078ca063eb
- SHA1
  
  fc9074a7067530ceb86f54eee5391a812b33fb6e
- SHA256
  
  be4ed5a51f14038fe8da76e0acd84d1844788f27aa6ea6fc38a5d66b3b17637f
- SHA512
  
  6cbeb1f43e037dedf278860533df7cc0bf05ec97d7091d60e36d96b71d9e2c4bb00729f496147822d304ea5bca4d7bc3b20658ae43314dc618775f97cadcacf8
- SSDEEP
  
  6144:rHivxtmw0lNbouFhjYnnQ9KPAN7cHlsfxPop9/M+AQWhMv934IwrTPGFP:rnbRFhkQ9Ki7cSFa97aM134hOP
Score

10^/10

raccoon redline 77602e57d19524a205ffcb84db4a013b infostealer spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonredline77602e57d19524a205ffcb84db4a013binfostealerspywarestealer

behavioral2

raccoonredline77602e57d19524a205ffcb84db4a013binfostealerspywarestealer

© 2018-2024

Terms | Privacy