raccoon | de302b3f83c0208da9df41a874fb362889083908b1db069ba5cef884c7d1c6d7 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

de302b3f83c0208da9df41a874fb362889083908b1db069ba5cef884c7d1c6d7
Size

379KB
Sample

220908-m5yycabfak
MD5

d781565c8dd4c9ea9a58914246e164d8
SHA1

175ad7ca21bb080d6f315dcc89388e21bc539336
SHA256

de302b3f83c0208da9df41a874fb362889083908b1db069ba5cef884c7d1c6d7
SHA512

3fc924ff30026e3ccd02f769d90b07b34f6bb61054b363f8f7bac00052190feaf51f1e7624b85633a55224f9aa4651abe6e50cc5d4fc95f41a7d237103f5fbc6
SSDEEP

6144:N741KC10XZ0KtvusH5nht2C6ilbKV5mKYLk5j7ucJnPdemcXgCR6J:xhC1UZ0KtvusH5nht2C6ile97ucJnsm1

Score

10^/10

raccoon 654b3e7f2d409dcde795b5d2dacf4955 discovery evasion exploit spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

de302b3f83c0208da9df41a874fb362889083908b1db069ba5cef884c7d1c6d7.exe

Resource

win10-20220812-en

raccoon 654b3e7f2d409dcde795b5d2dacf4955 discovery evasion exploit spyware stealer

windows10-1703-x64

25 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

654b3e7f2d409dcde795b5d2dacf4955

C2

http://46.249.58.152/

rc4.plain

Targets

- Target
  
  de302b3f83c0208da9df41a874fb362889083908b1db069ba5cef884c7d1c6d7
- Size
  
  379KB
- MD5
  
  d781565c8dd4c9ea9a58914246e164d8
- SHA1
  
  175ad7ca21bb080d6f315dcc89388e21bc539336
- SHA256
  
  de302b3f83c0208da9df41a874fb362889083908b1db069ba5cef884c7d1c6d7
- SHA512
  
  3fc924ff30026e3ccd02f769d90b07b34f6bb61054b363f8f7bac00052190feaf51f1e7624b85633a55224f9aa4651abe6e50cc5d4fc95f41a7d237103f5fbc6
- SSDEEP
  
  6144:N741KC10XZ0KtvusH5nht2C6ilbKV5mKYLk5j7ucJnPdemcXgCR6J:xhC1UZ0KtvusH5nht2C6ile97ucJnsm1
Score

10^/10

raccoon 654b3e7f2d409dcde795b5d2dacf4955 discovery evasion exploit spyware stealer
- Modifies security service
  evasion
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Loads dropped DLL
- Modifies file permissions
  discovery
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Impair Defenses

File Permissions Modification

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

raccoon654b3e7f2d409dcde795b5d2dacf4955discoveryevasionexploitspywarestealer

© 2018-2024

Terms | Privacy