raccoon | f7bbfb5a8759f1166b757d2443719b581f4079fb96ae6bdf93786c20400f6612 | Triage

Sharing

General

Target

MyNewFileChr.exe
Size

627KB
Sample

221017-ergsxaafd9
MD5

092c5b3060a6637cd401158edb4a9910
SHA1

36e52949d3288471618a3fb21dc669c41e8bbd8c
SHA256

f7bbfb5a8759f1166b757d2443719b581f4079fb96ae6bdf93786c20400f6612
SHA512

774634f10223015d7ea7c6ac07b2e2064af6ca33176f96dc5632315221f9c5e32e4abb84fd1f7749cc3ea8b95a6e8bc821be47ee35d70a379e22aa40a22c391f
SSDEEP

6144:FSezGmhidPYUNGrREDXW8jOD/gSxgRU6/lkw3RRMxNjfOBYxXr3A:FSYPWxW77gSxgWwa3A

Score

10^/10

raccoon ce21570f8b07f4e68bfb7f44917635b1 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

ce21570f8b07f4e68bfb7f44917635b1

C2

http://77.73.133.7/

rc4.plain

Targets

- Target
  
  MyNewFileChr.exe
- Size
  
  627KB
- MD5
  
  092c5b3060a6637cd401158edb4a9910
- SHA1
  
  36e52949d3288471618a3fb21dc669c41e8bbd8c
- SHA256
  
  f7bbfb5a8759f1166b757d2443719b581f4079fb96ae6bdf93786c20400f6612
- SHA512
  
  774634f10223015d7ea7c6ac07b2e2064af6ca33176f96dc5632315221f9c5e32e4abb84fd1f7749cc3ea8b95a6e8bc821be47ee35d70a379e22aa40a22c391f
- SSDEEP
  
  6144:FSezGmhidPYUNGrREDXW8jOD/gSxgRU6/lkw3RRMxNjfOBYxXr3A:FSYPWxW77gSxgWwa3A
Score

10^/10

raccoon ce21570f8b07f4e68bfb7f44917635b1 spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonce21570f8b07f4e68bfb7f44917635b1spywarestealer

behavioral2

raccoonce21570f8b07f4e68bfb7f44917635b1spywarestealer