raccoon | 64873bbbafb8c0ad8c19c42ea9f2b7b7f2e6760e68d6a249e75d60820fa42230 | Triage

Sharing

General

Target

file.exe
Size

5.1MB
Sample

220919-ygy4zsachq
MD5

ce373f2f096321c70bfb037b60a2c06b
SHA1

9ccc9e1c5f14cd27786865e9138bb5b06f3b6e37
SHA256

64873bbbafb8c0ad8c19c42ea9f2b7b7f2e6760e68d6a249e75d60820fa42230
SHA512

bd99f4c6cd9fa08c68c1bd053a03ae9e5d3164bb5eb144048873d29f6ba975089c6c843765dcbe51c3ae8a4cbb11a400ca6ec4ea2fc7bbb1c660d74c8bfca899
SSDEEP

98304:V/jVdoPSbvMPgQ2VRnyXvPv3OiqwZsIqmUjrvVM+fssxp:V/jYMvMoQ+y3v3OijZDENvfDxp

Score

10^/10

raccoon 4412608c980868ef83d64b20a2e3d5f8 �6��evasion stealer trojan

Malware Config

Extracted

Family

raccoon

Botnet

�6��

rc4.plain

Extracted

Family

raccoon

Botnet

4412608c980868ef83d64b20a2e3d5f8

C2

http://89.185.85.53/

rc4.plain

Targets

- Target
  
  file.exe
- Size
  
  5.1MB
- MD5
  
  ce373f2f096321c70bfb037b60a2c06b
- SHA1
  
  9ccc9e1c5f14cd27786865e9138bb5b06f3b6e37
- SHA256
  
  64873bbbafb8c0ad8c19c42ea9f2b7b7f2e6760e68d6a249e75d60820fa42230
- SHA512
  
  bd99f4c6cd9fa08c68c1bd053a03ae9e5d3164bb5eb144048873d29f6ba975089c6c843765dcbe51c3ae8a4cbb11a400ca6ec4ea2fc7bbb1c660d74c8bfca899
- SSDEEP
  
  98304:V/jVdoPSbvMPgQ2VRnyXvPv3OiqwZsIqmUjrvVM+fssxp:V/jYMvMoQ+y3v3OijZDENvfDxp
Score

10^/10

raccoon 4412608c980868ef83d64b20a2e3d5f8 �6��evasion stealer trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon4412608c980868ef83d64b20a2e3d5f8�6��evasionstealertrojan

behavioral2

raccoon4412608c980868ef83d64b20a2e3d5f8evasionstealertrojan