raccoon | 84f7ae051ae10d5d7dd0d6367e2ad0f037fc69a551db1bce54b6725ae5149fa8 | Triage

Sharing

General

Target

84f7ae051ae10d5d7dd0d6367e2ad0f037fc69a551db1bce54b6725ae5149fa8
Size

287KB
Sample

220911-zs4dhscbg2
MD5

3bb1d652dba7e11d1809b88564128fc9
SHA1

f3dedf469d604ec373f2cdc58c812447f653d7d5
SHA256

84f7ae051ae10d5d7dd0d6367e2ad0f037fc69a551db1bce54b6725ae5149fa8
SHA512

953c8762c5cd897d90a75504be7c6910e95c739dacedc64e318a44277a47f482f525cb4148723e4de790d36d9ee894e32b7c3bb214e73a36948b30b1b12b1bcb
SSDEEP

6144:lUmtjhfqBFXABT9KDczKDwh4M/nzfZFgPGbis:ltED+IDczKDwh4M/bt

Score

10^/10

raccoon 567d5bff28c2a18132d2f88511f07435 discovery spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

567d5bff28c2a18132d2f88511f07435

C2

http://116.203.167.5/

http://195.201.248.58/

rc4.plain

Targets

- Target
  
  84f7ae051ae10d5d7dd0d6367e2ad0f037fc69a551db1bce54b6725ae5149fa8
- Size
  
  287KB
- MD5
  
  3bb1d652dba7e11d1809b88564128fc9
- SHA1
  
  f3dedf469d604ec373f2cdc58c812447f653d7d5
- SHA256
  
  84f7ae051ae10d5d7dd0d6367e2ad0f037fc69a551db1bce54b6725ae5149fa8
- SHA512
  
  953c8762c5cd897d90a75504be7c6910e95c739dacedc64e318a44277a47f482f525cb4148723e4de790d36d9ee894e32b7c3bb214e73a36948b30b1b12b1bcb
- SSDEEP
  
  6144:lUmtjhfqBFXABT9KDczKDwh4M/nzfZFgPGbis:ltED+IDczKDwh4M/bt
Score

10^/10

raccoon 567d5bff28c2a18132d2f88511f07435 discovery spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon567d5bff28c2a18132d2f88511f07435discoveryspywarestealer