raccoon | 8d197934ea6b6f1beee50ffce69efcf7172c00bb59fc44371ed85c2dca0a0e89 | Triage

Sharing

General

Target

file.exe
Size

2.5MB
Sample

221019-t5ye5sgag3
MD5

bd6b21b99dd64f2c77009d2dea1ea086
SHA1

a2a136c265189a299ed2dff677f70d1f1ca83dea
SHA256

8d197934ea6b6f1beee50ffce69efcf7172c00bb59fc44371ed85c2dca0a0e89
SHA512

c2cbc36d23161a1c32bc304b50eae8ca6be16bac4d7fae2ad5921802caae979628d04f56349cd9de4d6fc7ebe938d0416a548984eb4605b39945f8b976208b10
SSDEEP

24576:rayYEvGwJ82uYqY8wNvbbMoxK2DdxdE4LxK9xD6MLTRmq+CLlqzTg/l3RuQ5531S:rZYEewJ8YeFTRmq+CBqCl3U

Score

10^/10

raccoon ce21570f8b07f4e68bfb7f44917635b1 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

ce21570f8b07f4e68bfb7f44917635b1

C2

http://77.73.133.7/

rc4.plain

Targets

- Target
  
  file.exe
- Size
  
  2.5MB
- MD5
  
  bd6b21b99dd64f2c77009d2dea1ea086
- SHA1
  
  a2a136c265189a299ed2dff677f70d1f1ca83dea
- SHA256
  
  8d197934ea6b6f1beee50ffce69efcf7172c00bb59fc44371ed85c2dca0a0e89
- SHA512
  
  c2cbc36d23161a1c32bc304b50eae8ca6be16bac4d7fae2ad5921802caae979628d04f56349cd9de4d6fc7ebe938d0416a548984eb4605b39945f8b976208b10
- SSDEEP
  
  24576:rayYEvGwJ82uYqY8wNvbbMoxK2DdxdE4LxK9xD6MLTRmq+CLlqzTg/l3RuQ5531S:rZYEewJ8YeFTRmq+CBqCl3U
Score

10^/10

raccoon ce21570f8b07f4e68bfb7f44917635b1 spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonce21570f8b07f4e68bfb7f44917635b1spywarestealer

behavioral2

raccoonce21570f8b07f4e68bfb7f44917635b1spywarestealer