raccoon | 87965adecd027e582ec8c82e5c51b147ef32519674363064464635794790b1cb | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

87965adecd027e582ec8c82e5c51b147ef32519674363064464635794790b1cb
Size

386KB
Sample

220908-jxww8sbcam
MD5

63a79393f793c165c5d3b1b6f2f2f2b6
SHA1

4e4d6311cc3e82ebc2b73dff18e1da2bf05bc4ca
SHA256

87965adecd027e582ec8c82e5c51b147ef32519674363064464635794790b1cb
SHA512

e7e2338a465d5601262415d406e5c241206a1afbec638721b0c191d287ab3c47b86125922c5109c8fcb7cd0841f4383aa1512f8e81329d24203310e13a5f742b
SSDEEP

12288:uO1rAJgO0d5vgEiCxJxrEc9oulkgjjGe:V12EigHrEQxjjR

Score

10^/10

raccoon 654b3e7f2d409dcde795b5d2dacf4955 discovery evasion exploit spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

87965adecd027e582ec8c82e5c51b147ef32519674363064464635794790b1cb.exe

Resource

win10-20220812-en

raccoon 654b3e7f2d409dcde795b5d2dacf4955 discovery evasion exploit spyware stealer

windows10-1703-x64

25 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

654b3e7f2d409dcde795b5d2dacf4955

C2

http://46.249.58.152/

rc4.plain

Targets

- Target
  
  87965adecd027e582ec8c82e5c51b147ef32519674363064464635794790b1cb
- Size
  
  386KB
- MD5
  
  63a79393f793c165c5d3b1b6f2f2f2b6
- SHA1
  
  4e4d6311cc3e82ebc2b73dff18e1da2bf05bc4ca
- SHA256
  
  87965adecd027e582ec8c82e5c51b147ef32519674363064464635794790b1cb
- SHA512
  
  e7e2338a465d5601262415d406e5c241206a1afbec638721b0c191d287ab3c47b86125922c5109c8fcb7cd0841f4383aa1512f8e81329d24203310e13a5f742b
- SSDEEP
  
  12288:uO1rAJgO0d5vgEiCxJxrEc9oulkgjjGe:V12EigHrEQxjjR
Score

10^/10

raccoon 654b3e7f2d409dcde795b5d2dacf4955 discovery evasion exploit spyware stealer
- Modifies security service
  evasion
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Loads dropped DLL
- Modifies file permissions
  discovery
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

raccoon654b3e7f2d409dcde795b5d2dacf4955discoveryevasionexploitspywarestealer

© 2018-2024

Terms | Privacy