raccoon | 02577523a1d0dc64387458f4257473a08dc152fe6070fa06febd645ed6d515ad | Triage

Sharing

General

Target

02577523a1d0dc64387458f4257473a08dc152fe6070fa06febd645ed6d515ad.exe
Size

275KB
Sample

221110-yn5v4sfdaq
MD5

ab45b17d29efac4957075c72519d2243
SHA1

d6b044ab1f103424f190ed3fb33944609b21db3e
SHA256

02577523a1d0dc64387458f4257473a08dc152fe6070fa06febd645ed6d515ad
SHA512

72a28a26d2dffe56cfc330a9d7d6b3e8674e453d3a1ffedc982f276ae853d296b424e25031c4befb292449a4e30c28ed79956a227f71da5a4c2caf70f81802e2
SSDEEP

6144:/7h82f3Jg9cSSA7ANz6Hf0Z5VMcf7IAOY5ooIL3iyJGWL:D2SA7ANz3MiIKILnjL

Score

10^/10

raccoon 53508e7dc4e08bd33122d190a04a1200 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

53508e7dc4e08bd33122d190a04a1200

C2

http://45.15.156.105/

rc4.plain

Targets

- Target
  
  02577523a1d0dc64387458f4257473a08dc152fe6070fa06febd645ed6d515ad.exe
- Size
  
  275KB
- MD5
  
  ab45b17d29efac4957075c72519d2243
- SHA1
  
  d6b044ab1f103424f190ed3fb33944609b21db3e
- SHA256
  
  02577523a1d0dc64387458f4257473a08dc152fe6070fa06febd645ed6d515ad
- SHA512
  
  72a28a26d2dffe56cfc330a9d7d6b3e8674e453d3a1ffedc982f276ae853d296b424e25031c4befb292449a4e30c28ed79956a227f71da5a4c2caf70f81802e2
- SSDEEP
  
  6144:/7h82f3Jg9cSSA7ANz6Hf0Z5VMcf7IAOY5ooIL3iyJGWL:D2SA7ANz3MiIKILnjL
Score

10^/10

raccoon 53508e7dc4e08bd33122d190a04a1200 stealer spyware
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon53508e7dc4e08bd33122d190a04a1200stealer

behavioral2

raccoon53508e7dc4e08bd33122d190a04a1200spywarestealer