raccoon | 9b23770bfff1b78fb583782c77aebcf0161c08ee8610fe02d09e5a2a88b7097f | Triage

Sharing

General

Target

Installer.zip
Size

9.5MB
Sample

221005-zzmdksfhek
MD5

f40d480bf377695f491557d336557f32
SHA1

6a76715b4f72837574eebf913d9f04182a7231b5
SHA256

9b23770bfff1b78fb583782c77aebcf0161c08ee8610fe02d09e5a2a88b7097f
SHA512

7e05312f9fa9304e298b975a677f84cf2e5050bddd60a241dfe5c4ffafadc50098836f062d0596464f7b2b6a2771837b889d16e38aa1fe9fd5c6761a420b3158
SSDEEP

196608:mCD1fmWr1G7Q1wIgwAGedt0zucrv7hwmWtsVv+WRQKRE:z5eWBkeJrvnWCv+7P

Score

10^/10

raccoon cebf157bc6255f468a6b8317cead3cf7 discovery link pdf spyware stealer upx

Malware Config

Extracted

Family

raccoon

Botnet

cebf157bc6255f468a6b8317cead3cf7

C2

http://89.185.85.53/

rc4.plain

Targets

- Target
  
  Installer.exe
- Size
  
  726.3MB
- MD5
  
  a96c90d8ef480af0e7dd6555c061a6a5
- SHA1
  
  c26e574f64de531b0621a5230cbe583818422161
- SHA256
  
  081f4ba15d7910fd89f886e8c1e9cc232dd18d5d2d7d0229a2c8303865e168a1
- SHA512
  
  bda3d867f908abae40318d4f6b8695887677a94d35362efb48807dfef71fc6509baff9124eb8285a8de608cb6c664696d0c1375af2d1647a06b3f7d8651c67c8
- SSDEEP
  
  196608:9uU+fEgzWDFremiU6LqZpEte+truhmXWST:T+sHD1fiU6e+Ntruy
Score

10^/10

raccoon cebf157bc6255f468a6b8317cead3cf7 stealer discovery spyware upx
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap2.scr
- Size
  
  123B
- MD5
  
  f52774e787d274875e8eb967f8b908e2
- SHA1
  
  bb9725667093d62543f6baf46de6a0e6fed256f6
- SHA256
  
  cad3bb02e1a95f3093256725d9c513925d97453861606a4f1fb9af42eda13e0c
- SHA512
  
  7ac292c31304fc6b566acef396ea72977db37eb9bb52013fc178887684c5b4a8f09ac40268be1d982e5f67b6eb38ffdacbeec79b84da9ff773392723db02d7cc
Score

1^/10
behavioral3 behavioral4
- Target
  
  data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap3.scr
- Size
  
  68B
- MD5
  
  d5b9b72a2be55229039e69fecdf75c97
- SHA1
  
  54522e65137dcabeb8075f07a029e46078128079
- SHA256
  
  533358055fa4a87047032ab1e96afbfb8a53ef0fa64655abf3d000151a8cb452
- SHA512
  
  1d4c1f3aa95e50b22e86919a37ab5fda4e70e72e034d86459e86fc31583bcd41d840590b182ec17c08b6bdb94eb61cedbaf846cbb207f274bea146f2bb1189b6
Score

1^/10
behavioral5 behavioral6
- Target
  
  data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap5.scr
- Size
  
  31B
- MD5
  
  9f55b4721767735801907b80989426c9
- SHA1
  
  456b37545db703f4dfd79162cce81de845268c63
- SHA256
  
  f261ddf2da69f59cf215286897bfb66dba3e8dbb4209564fbd654ff0144cfe6a
- SHA512
  
  0e13b9278e61a51e338aebad9058e8e3aa737158d919a285c4b74193d493ff70e5da0cd03d8cda0279b2ef664b034abea0417cf8d9af81dd2e5faf8f790bb976
Score

1^/10
behavioral7 behavioral8
- Target
  
  data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap7.scr
- Size
  
  31B
- MD5
  
  9f55b4721767735801907b80989426c9
- SHA1
  
  456b37545db703f4dfd79162cce81de845268c63
- SHA256
  
  f261ddf2da69f59cf215286897bfb66dba3e8dbb4209564fbd654ff0144cfe6a
- SHA512
  
  0e13b9278e61a51e338aebad9058e8e3aa737158d919a285c4b74193d493ff70e5da0cd03d8cda0279b2ef664b034abea0417cf8d9af81dd2e5faf8f790bb976
Score

1^/10
behavioral9 behavioral10
- Target
  
  data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap8.scr
- Size
  
  31B
- MD5
  
  9f55b4721767735801907b80989426c9
- SHA1
  
  456b37545db703f4dfd79162cce81de845268c63
- SHA256
  
  f261ddf2da69f59cf215286897bfb66dba3e8dbb4209564fbd654ff0144cfe6a
- SHA512
  
  0e13b9278e61a51e338aebad9058e8e3aa737158d919a285c4b74193d493ff70e5da0cd03d8cda0279b2ef664b034abea0417cf8d9af81dd2e5faf8f790bb976
Score

1^/10
behavioral11 behavioral12
- Target
  
  data/App/Documents/Image-Line/FL Studio/Settings/Browser/Snap9.scr
- Size
  
  31B
- MD5
  
  9f55b4721767735801907b80989426c9
- SHA1
  
  456b37545db703f4dfd79162cce81de845268c63
- SHA256
  
  f261ddf2da69f59cf215286897bfb66dba3e8dbb4209564fbd654ff0144cfe6a
- SHA512
  
  0e13b9278e61a51e338aebad9058e8e3aa737158d919a285c4b74193d493ff70e5da0cd03d8cda0279b2ef664b034abea0417cf8d9af81dd2e5faf8f790bb976
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccooncebf157bc6255f468a6b8317cead3cf7stealer

behavioral2

raccooncebf157bc6255f468a6b8317cead3cf7discoveryspywarestealerupx

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14