raccoon | d4696b99aae2a8c0b6117c12181ce3b23c2b8b3f0a29d7993a968ec2dcf446f4 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

d4696b99aae2a8c0b6117c12181ce3b23c2b8b3f0a29d7993a968ec2dcf446f4
Size

386KB
Sample

220908-aa131adcb3
MD5

1b318f1b8b06927c70445fb204cde589
SHA1

424c22ee84b9b94efe8cd9f9d8c15a3cbfb2837b
SHA256

d4696b99aae2a8c0b6117c12181ce3b23c2b8b3f0a29d7993a968ec2dcf446f4
SHA512

3c1779c3f9fc02fa43e0746b39f44755121a6a58c0cb6b9b2253b22f538aaff144955308c8580956f943ac17d62fbc9744fe730c21320eef142c11890acab2a6
SSDEEP

12288:p+1TAJgO0d5vgEiySZhb0sJYuVka7CpNIc3r:I1OEifHb08Xk

Score

10^/10

raccoon 654b3e7f2d409dcde795b5d2dacf4955 discovery evasion exploit spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

d4696b99aae2a8c0b6117c12181ce3b23c2b8b3f0a29d7993a968ec2dcf446f4.exe

Resource

win10v2004-20220812-en

raccoon 654b3e7f2d409dcde795b5d2dacf4955 discovery evasion exploit spyware stealer

windows10-2004-x64

28 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

654b3e7f2d409dcde795b5d2dacf4955

C2

http://46.249.58.152/

rc4.plain

Targets

- Target
  
  d4696b99aae2a8c0b6117c12181ce3b23c2b8b3f0a29d7993a968ec2dcf446f4
- Size
  
  386KB
- MD5
  
  1b318f1b8b06927c70445fb204cde589
- SHA1
  
  424c22ee84b9b94efe8cd9f9d8c15a3cbfb2837b
- SHA256
  
  d4696b99aae2a8c0b6117c12181ce3b23c2b8b3f0a29d7993a968ec2dcf446f4
- SHA512
  
  3c1779c3f9fc02fa43e0746b39f44755121a6a58c0cb6b9b2253b22f538aaff144955308c8580956f943ac17d62fbc9744fe730c21320eef142c11890acab2a6
- SSDEEP
  
  12288:p+1TAJgO0d5vgEiySZhb0sJYuVka7CpNIc3r:I1OEifHb08Xk
Score

10^/10

raccoon 654b3e7f2d409dcde795b5d2dacf4955 discovery evasion exploit spyware stealer
- Modifies security service
  evasion
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Loads dropped DLL
- Modifies file permissions
  discovery
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

raccoon654b3e7f2d409dcde795b5d2dacf4955discoveryevasionexploitspywarestealer

© 2018-2024

Terms | Privacy