raccoon | cf16aaa4e7e4e906915e9901e93f4de670355784d5350991e8f09b813cc7988d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b27fda3b7eba2be512d2a6da23b2281f.exe
Size

205KB
Sample

220909-a8mm9sdccm
MD5

b27fda3b7eba2be512d2a6da23b2281f
SHA1

1efd790a0df3814a0c5cc4d81f31c2ae7e764e2b
SHA256

cf16aaa4e7e4e906915e9901e93f4de670355784d5350991e8f09b813cc7988d
SHA512

cd0c3bcb068afa8cce3227fada9385f0fcf6c89f5463573c6b37c1cb6481055d5a96191db99e32c5d97a6d17183ab97906afe24d28d0c600172dfe384cd347ce
SSDEEP

3072:kvM5qvN5ZaKE7xJcQ9uwm7E6u1sqGnbZNOqK2p:ri1aB7lowUEVWqWOqKq

Score

10^/10

raccoon 567d5bff28c2a18132d2f88511f07435 discovery spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

567d5bff28c2a18132d2f88511f07435

C2

http://116.203.167.5/

http://195.201.248.58/

rc4.plain

Targets

- Target
  
  b27fda3b7eba2be512d2a6da23b2281f.exe
- Size
  
  205KB
- MD5
  
  b27fda3b7eba2be512d2a6da23b2281f
- SHA1
  
  1efd790a0df3814a0c5cc4d81f31c2ae7e764e2b
- SHA256
  
  cf16aaa4e7e4e906915e9901e93f4de670355784d5350991e8f09b813cc7988d
- SHA512
  
  cd0c3bcb068afa8cce3227fada9385f0fcf6c89f5463573c6b37c1cb6481055d5a96191db99e32c5d97a6d17183ab97906afe24d28d0c600172dfe384cd347ce
- SSDEEP
  
  3072:kvM5qvN5ZaKE7xJcQ9uwm7E6u1sqGnbZNOqK2p:ri1aB7lowUEVWqWOqKq
Score

10^/10

raccoon 567d5bff28c2a18132d2f88511f07435 discovery spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon567d5bff28c2a18132d2f88511f07435discoveryspywarestealer

behavioral2

raccoon567d5bff28c2a18132d2f88511f07435discoveryspywarestealer