raccoon | b8a0a0d472bfa63a3a41fb6a321a73874460a4e25971959c64450d1da3aacc91 | Triage

Sharing

General

Target

file.exe
Size

168KB
Sample

221103-x2m2sagcgl
MD5

9ed169f48558d35880887d9d0b721fe3
SHA1

007ae0c669af551f3da3fc5ee1ce22207a4a55ba
SHA256

b8a0a0d472bfa63a3a41fb6a321a73874460a4e25971959c64450d1da3aacc91
SHA512

717c56fb4dff0280385cecae2401a2c641722e8f475a508f445273b0fb6b2bd62ccca6e28affcc38834896344dddf129043131c32d6c8635b1f068ec10cef0db
SSDEEP

3072:bHs0NSdrijCoXXp6lFb00lDxpMk8L9u3Lqg45ZJDmBo666f:DLSNcCoewYGrJuD66f

Score

10^/10

raccoon 4b27964206623c95a4fe31c61b7b4527 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

4b27964206623c95a4fe31c61b7b4527

C2

http://79.137.197.212/

rc4.plain

Targets

- Target
  
  file.exe
- Size
  
  168KB
- MD5
  
  9ed169f48558d35880887d9d0b721fe3
- SHA1
  
  007ae0c669af551f3da3fc5ee1ce22207a4a55ba
- SHA256
  
  b8a0a0d472bfa63a3a41fb6a321a73874460a4e25971959c64450d1da3aacc91
- SHA512
  
  717c56fb4dff0280385cecae2401a2c641722e8f475a508f445273b0fb6b2bd62ccca6e28affcc38834896344dddf129043131c32d6c8635b1f068ec10cef0db
- SSDEEP
  
  3072:bHs0NSdrijCoXXp6lFb00lDxpMk8L9u3Lqg45ZJDmBo666f:DLSNcCoewYGrJuD66f
Score

10^/10

raccoon 4b27964206623c95a4fe31c61b7b4527 stealer spyware
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon4b27964206623c95a4fe31c61b7b4527stealer

behavioral2

raccoon4b27964206623c95a4fe31c61b7b4527spywarestealer