raccoon | d42c6b6ebf9546f73f8542b5f8e8769ace584f2bc4d6319fb1d06473290fd1cf | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

d42c6b6ebf9546f73f8542b5f8e8769ace584f2bc4d6319fb1d06473290fd1cf
Size

378KB
Sample

220908-m3cmbsbefq
MD5

85421fe227435ab57544c7e07ce793c0
SHA1

880e734211fa5bc6dc3c371322e32bd949448040
SHA256

d42c6b6ebf9546f73f8542b5f8e8769ace584f2bc4d6319fb1d06473290fd1cf
SHA512

202fb156d314f12d81360128c9b2bbd255e307672d745955839bb4bfc79b0afb0c0c618e32457f811ecbe0f2e51891307e6d33decbcc3b95f7eb7718938e11ab
SSDEEP

6144:M7Pl6K1inZ0KtvusH5n4tF7ilzS6JOaoKU5K7u8Jg/xbemCj9j6J:s4K1KZ0KtvusH5n4tF7ileO7u8JgRueJ

Score

10^/10

raccoon 654b3e7f2d409dcde795b5d2dacf4955 discovery evasion exploit spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

d42c6b6ebf9546f73f8542b5f8e8769ace584f2bc4d6319fb1d06473290fd1cf.exe

Resource

win10-20220812-en

raccoon 654b3e7f2d409dcde795b5d2dacf4955 discovery evasion exploit spyware stealer

windows10-1703-x64

25 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

654b3e7f2d409dcde795b5d2dacf4955

C2

http://46.249.58.152/

rc4.plain

Targets

- Target
  
  d42c6b6ebf9546f73f8542b5f8e8769ace584f2bc4d6319fb1d06473290fd1cf
- Size
  
  378KB
- MD5
  
  85421fe227435ab57544c7e07ce793c0
- SHA1
  
  880e734211fa5bc6dc3c371322e32bd949448040
- SHA256
  
  d42c6b6ebf9546f73f8542b5f8e8769ace584f2bc4d6319fb1d06473290fd1cf
- SHA512
  
  202fb156d314f12d81360128c9b2bbd255e307672d745955839bb4bfc79b0afb0c0c618e32457f811ecbe0f2e51891307e6d33decbcc3b95f7eb7718938e11ab
- SSDEEP
  
  6144:M7Pl6K1inZ0KtvusH5n4tF7ilzS6JOaoKU5K7u8Jg/xbemCj9j6J:s4K1KZ0KtvusH5n4tF7ileO7u8JgRueJ
Score

10^/10

raccoon 654b3e7f2d409dcde795b5d2dacf4955 discovery evasion exploit spyware stealer
- Modifies security service
  evasion
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Loads dropped DLL
- Modifies file permissions
  discovery
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

raccoon654b3e7f2d409dcde795b5d2dacf4955discoveryevasionexploitspywarestealer

© 2018-2024

Terms | Privacy