raccoon | ae769b328bb61b642ba1177d138f8732be2e27fd91af5e226dc99b88bb35bdcb | Triage

Sharing

General

Target

ae769b328bb61b642ba1177d138f8732be2e27fd91af5e226dc99b88bb35bdcb
Size

229KB
Sample

220919-lhfyksaeh7
MD5

a2370ca56445054a0985a0972e0040ca
SHA1

823a2bd23f749a26ce4743279d5d85129830f2fc
SHA256

ae769b328bb61b642ba1177d138f8732be2e27fd91af5e226dc99b88bb35bdcb
SHA512

666a9cb47607dd9c0c2928a83ea830939371cee0cfc21ec6964acb26c14268eef37e9417740f5ce6d86312d301532c989b2b576086182e37c2fd1db6a2e71728
SSDEEP

3072:qpBPC1EnflTLH6PMMMZMMMMMMMMMMMMs:wH6MMMZMMMMMMMMMMMM

Score

10^/10

raccoon 7394a7fc5da9794209d8b0503ca4abf4 stealer

Malware Config

Extracted

Family

raccoon

Botnet

7394a7fc5da9794209d8b0503ca4abf4

C2

http://94.131.106.59

rc4.plain

Targets

- Target
  
  ae769b328bb61b642ba1177d138f8732be2e27fd91af5e226dc99b88bb35bdcb
- Size
  
  229KB
- MD5
  
  a2370ca56445054a0985a0972e0040ca
- SHA1
  
  823a2bd23f749a26ce4743279d5d85129830f2fc
- SHA256
  
  ae769b328bb61b642ba1177d138f8732be2e27fd91af5e226dc99b88bb35bdcb
- SHA512
  
  666a9cb47607dd9c0c2928a83ea830939371cee0cfc21ec6964acb26c14268eef37e9417740f5ce6d86312d301532c989b2b576086182e37c2fd1db6a2e71728
- SSDEEP
  
  3072:qpBPC1EnflTLH6PMMMZMMMMMMMMMMMMs:wH6MMMZMMMMMMMMMMMM
Score

10^/10

raccoon 7394a7fc5da9794209d8b0503ca4abf4 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon7394a7fc5da9794209d8b0503ca4abf4stealer

behavioral2

raccoon7394a7fc5da9794209d8b0503ca4abf4stealer