raccoon | a027d527bf8e2d3682ee39f12379d113bc7d28193d36b2c448712e5c8009ff52 | Triage

Submit
Reports

Overview

overview

Static

static

0b1c78db1d...31.exe

windows7-x64

0b1c78db1d...31.exe

windows10-2004-x64

Sharing

General

Target

0b1c78db1d6debc91c59c0d7dfe9dd31.exe
Size

30.1MB
Sample

221014-1z3agaegal
MD5

0b1c78db1d6debc91c59c0d7dfe9dd31
SHA1

98575e24bfe6a11c678de4f9ebc55453710fcc75
SHA256

a027d527bf8e2d3682ee39f12379d113bc7d28193d36b2c448712e5c8009ff52
SHA512

2d9c226b5dcbd2c3e54816c374a46e4d9e04b22ecde3c8a231cd7b55ae7183134a3b5a54af0dc05e774ba9b25f444609fc43ec0bb526a619c5297489b55eff02
SSDEEP

786432:TZ2NuqrYwxyy8BXmRAw/5Vi5U21eNJvkH:TANua5xd89mmwQHoU

Score

10^/10

raccoon 9b19cf60d9bdf65b8a2495aa965456c3 discovery evasion spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

0b1c78db1d6debc91c59c0d7dfe9dd31.exe

Resource

win7-20220812-en

raccoon 9b19cf60d9bdf65b8a2495aa965456c3 discovery evasion spyware stealer trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

0b1c78db1d6debc91c59c0d7dfe9dd31.exe

Resource

win10v2004-20220812-en

raccoon 9b19cf60d9bdf65b8a2495aa965456c3 discovery evasion spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://31.42.177.171/hfile.bin

Extracted

Family

raccoon

Botnet

9b19cf60d9bdf65b8a2495aa965456c3

C2

http://77.91.123.97/

rc4.plain

Targets

- Target
  
  0b1c78db1d6debc91c59c0d7dfe9dd31.exe
- Size
  
  30.1MB
- MD5
  
  0b1c78db1d6debc91c59c0d7dfe9dd31
- SHA1
  
  98575e24bfe6a11c678de4f9ebc55453710fcc75
- SHA256
  
  a027d527bf8e2d3682ee39f12379d113bc7d28193d36b2c448712e5c8009ff52
- SHA512
  
  2d9c226b5dcbd2c3e54816c374a46e4d9e04b22ecde3c8a231cd7b55ae7183134a3b5a54af0dc05e774ba9b25f444609fc43ec0bb526a619c5297489b55eff02
- SSDEEP
  
  786432:TZ2NuqrYwxyy8BXmRAw/5Vi5U21eNJvkH:TANua5xd89mmwQHoU
Score

10^/10

raccoon 9b19cf60d9bdf65b8a2495aa965456c3 discovery evasion spyware stealer trojan
- Modifies Windows Defender notification settings
  evasion trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon9b19cf60d9bdf65b8a2495aa965456c3discoveryevasionspywarestealertrojan

behavioral2

raccoon9b19cf60d9bdf65b8a2495aa965456c3discoveryevasionspywarestealertrojan

© 2018-2024

Terms | Privacy