raccoon

Sharing

Copy URL

Twitter E-mail

General

Target

Installer.zip
Size

85.2MB
Sample

220910-r25c6sacb7
MD5

6eeb7ae1ec8e863bfb9dd2d3ed38796b
SHA1

be5047fa0bcb88b186f32fd39bfe4f85dc634cc5
SHA256

1ce3a42466fb875b1c1e58c5cfb639cff11955b3017ee987b5f7ed8edd4c39f3
SHA512

1ab9c68e490c2fb9bdd3aab1a9030d151ca6cf531432fe373966ceb01a02e6e2aa8af3f6ed4a650016c5ac1053591338defc00bb0030543ae73ce6843b632d77
SSDEEP

1572864:Vy/GkRgp5z4OKqPdndYVGkRgp5z44GkRgp5z4UnkqLqrdndYJdndY6:VzkR45AudZkR45qkR45QUudQdV

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

3efe9181f37a78f608e51162796a63f7

http://146.70.125.95/

rc4.plain

Targets

- Target
  
  Installer.exe
- Size
  
  726.0MB
- MD5
  
  75445f1c9cd44d3148532ce1f02a78c3
- SHA1
  
  383d5dbf5fc745cf1c3ca2bc360b55aa109ff2bb
- SHA256
  
  6e3af05d0e36062681fd9b4fdb601e605b44e414689a9d61b96fbf25e439166d
- SHA512
  
  910142788341d2e7b3158801214022efac1663f424fb87cf537179b2cb0e17303c688027f2f420c9096cf5ef77a19596244fa9de0edfbac65c48b0b481903960
- SSDEEP
  
  98304:gGtTHVNvmnL54wqxllJ2CDJNG3Gc5Y1orJmhnZqDErjOCWHs34vtZLvCG:lH84wsJRDs21o99wWHs+DuG
Score

10^/10

raccoon 3efe9181f37a78f608e51162796a63f7 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe
- Size
  
  93KB
- MD5
  
  2ff41c1cdfb7f392ef9f600f083e0aca
- SHA1
  
  e5e55cee5bb93a0ab0d9034d973ae3af0ebca2a0
- SHA256
  
  b9a278cd7f3539f86fc65fb19a7ece72a3b3870f0e3f042cc1d6ab089196b8aa
- SHA512
  
  577ff4989edbaea5e43ae30d0dc84a936d2affee6f841ede8563f4003b2f2bec8da7d9c8d0a6c480183be47f09ab883c188246178f1f4363ac09a627b612b0ef
- SSDEEP
  
  1536:WwbWR/v1o/G42UR9whwRrcUTR9EhhBhV4IWzRVEpj4+gLS8Y9UxkLa2:AnD9UR9whwtvTRMBP3Bpj4+gLS8eUxkd
Score

1^/10
behavioral3 behavioral4
- Target
  
  packages/Program Files (x86)/ASIO4ALL v2/ASIO4ALL Web Site.url
- Size
  
  91B
- MD5
  
  a6d72092d0120cb068e3035ff2e80b16
- SHA1
  
  ddd7bfcadca2a2fed15ca78ad13ef456dabb11b3
- SHA256
  
  2d5b39d9770f6e128ca6d240d469c276186409e76b434471b822d4910275feda
- SHA512
  
  50b36728b005918c9054bf45fc129c7b0f45cf447f6695e2426322d5f1a3158192e8448a05a9bbc730a38b07a47a5d61cbcbd51638324d7da2e8bb4035a9bdf8
Score

1^/10
behavioral5 behavioral6
- Target
  
  packages/Program Files (x86)/ASIO4ALL v2/a4apanel.exe
- Size
  
  6KB
- MD5
  
  21626ffae5a122daa94a2822f225b301
- SHA1
  
  f844f22a31da173717efee29e89694266a98378e
- SHA256
  
  00ae1d1a986c6f6b70d92c15417db03d4e35cdb8178f2abb388c8b22974f786a
- SHA512
  
  64ced3bd75babc01cc1c0567dbc24333b1f18d9ddda5b82fe203efcbd5dd1e126450d346e94d1ff2c9e6d57750e1bcef19b352341fdc9d0fb05b2554275229bb
- SSDEEP
  
  48:iXnPyMjbfu57DDc7B6PnpxESdnEgF2b4k+bkguj6witxH7GLPJZWmtL4Hggb8:lWju1U7Qfbxd12bKnCDW1f
Score

1^/10
behavioral7 behavioral8
- Target
  
  packages/Program Files (x86)/ASIO4ALL v2/a4apanel64.exe
- Size
  
  6KB
- MD5
  
  861265483c1d6bcaacce89ea743c1976
- SHA1
  
  983ac5c87f531135b6c64bad182ff6cff65439f2
- SHA256
  
  2933beb43caf5d8fb3ba422630f99516abebb7ca8b8ba6371cca51d6cb6d67b2
- SHA512
  
  6e2443fcd7ed9fcb8e1fe024078581962f73eca3d50688e76b52e8f340d267aaa3df745558ddaa2a07a8ab74f46e5cff9495ae63fcea4b9057ebe997de3200a0
- SSDEEP
  
  48:iXna6Xa/TQIHsDeooiIAeqBaPiSdnEgH2b4k+bkgMjKwitxH7GLdtpZWKtpvGtg/:yigDe9JqQbdX2bKhCzWEGl
Score

1^/10
behavioral9 behavioral10
- Target
  
  packages/Program Files (x86)/Common Files/Propellerhead Software/ReWire/ReWire.dll
- Size
  
  1.4MB
- MD5
  
  2f3f103405dec980cfa432ea93f92321
- SHA1
  
  4dc93f9aaba768a9c7d0473168831fe15d48fc85
- SHA256
  
  5b2c3a6727e4d1fcadec1e1ea0fa6055d1d041a52211cc75c2b0330f6a1754df
- SHA512
  
  4f7704bd77e336c11cc96f1dd45e2f4e98d78421b12696b89b887fec17027d543de0964177cc40114edb8c5b16b148ad24bb6e5bc9a09fce23f7daa34db5eb8f
- SSDEEP
  
  24576:uFxEKn67lrLcZNOHMpOn/rG6V0xmPyMbNzb:uo7Fg/pC2xm6yzb
Score

1^/10
behavioral11 behavioral12
- Target
  
  packages/Program Files (x86)/VstPlugins/FL Studio VSTi (Multi).dll
- Size
  
  2.3MB
- MD5
  
  a127a44f247c0b659f2b65eceed3298a
- SHA1
  
  c015ed730f0178a34b19551234280b114d579fdb
- SHA256
  
  37a32270ecd95d19b9944f72238b42ee55fe257a91f90b0aa661313d3c8919aa
- SHA512
  
  c40010d96d322581f6f10d665e3a5bb98305b4a5e43420aad293599341493c19c75d2f3d17eb8adad94adf201c502ff02a00bb3f6fd8d08b79fb0c014d591410
- SSDEEP
  
  24576:KacqwzcGeFEYYena94frJXZfHZhR2OKu4r+MeTKirXGWdXg3uD02+KMwMn4x5ITW:rocfHKt8KirXZw3I02+KMw+4ETbQimoI
Score

3^/10
behavioral13 behavioral14
- Target
  
  packages/Program Files (x86)/VstPlugins/FL Studio VSTi.dll
- Size
  
  2.3MB
- MD5
  
  1c1cb10232e973e50a8f3ebdefdd838c
- SHA1
  
  bbe8e2f52d22609342ade9349e87319d81e82beb
- SHA256
  
  4cde6dc9770c903a931a6e23f4c5ddb6793772b53d233d3b33d2482a29272233
- SHA512
  
  852c553c1806f3058e234ffc1b2846ae0e9991ee587208bc1565c14d9625578f64008cdaccadd071f165c5cf8c550aeeff244013811d2403014f2a8aa5ac2508
- SSDEEP
  
  24576:gacqwzcGeFEYYena94frJXZfHZhR2OKu4r+MeTKirXGWdXg3uD02+KMwMn4xoIT5:1ocfHKt8KirXZw3I02+KMw+4dTb2iIO
Score

3^/10
behavioral15 behavioral16

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16