raccoon | ee933b2ba59c83e93c1094ee73c0b1f49725779391240dfd45aa9facdf1c98e6 | Triage

Sharing

General

Target

ee933b2ba59c83e93c1094ee73c0b1f49725779391240dfd45aa9facdf1c98e6
Size

153KB
Sample

220907-tf394aceb4
MD5

04d1bc35237a7b8f9e38243a268d22c0
SHA1

f368a73c35fb7f47ac99cb693f2532730e75129d
SHA256

ee933b2ba59c83e93c1094ee73c0b1f49725779391240dfd45aa9facdf1c98e6
SHA512

b43fa45eec454e14eadffd59c4021d961ee4ea2a5db557d788d25a6b1a3feb7a7764bbebd64f90beac9e4213282e5d492c4d2158cc10d5872d3ac6409d52c065
SSDEEP

3072:peTxD8Rwh3iTLlFjXoPkbBNop8zCtj6s6j5Kz/+zJUmaRibX9p:p+D53ivvS8+tj6J0z00ibtp

Score

10^/10

raccoon 654b3e7f2d409dcde795b5d2dacf4955 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

654b3e7f2d409dcde795b5d2dacf4955

C2

http://46.249.58.152/

rc4.plain

Targets

- Target
  
  ee933b2ba59c83e93c1094ee73c0b1f49725779391240dfd45aa9facdf1c98e6
- Size
  
  153KB
- MD5
  
  04d1bc35237a7b8f9e38243a268d22c0
- SHA1
  
  f368a73c35fb7f47ac99cb693f2532730e75129d
- SHA256
  
  ee933b2ba59c83e93c1094ee73c0b1f49725779391240dfd45aa9facdf1c98e6
- SHA512
  
  b43fa45eec454e14eadffd59c4021d961ee4ea2a5db557d788d25a6b1a3feb7a7764bbebd64f90beac9e4213282e5d492c4d2158cc10d5872d3ac6409d52c065
- SSDEEP
  
  3072:peTxD8Rwh3iTLlFjXoPkbBNop8zCtj6s6j5Kz/+zJUmaRibX9p:p+D53ivvS8+tj6J0z00ibtp
Score

10^/10

raccoon 654b3e7f2d409dcde795b5d2dacf4955 spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Hidden Files and Directories

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Hidden Files and Directories

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon654b3e7f2d409dcde795b5d2dacf4955spywarestealer