raccoon | 3f0bb49d1d57056e70552c93ecaa2a25da1915cf94f1ac6f4bba541bbb1c10a6 | Triage

Sharing

General

Target

3f0bb49d1d57056e70552c93ecaa2a25da1915cf94f1ac6f4bba541bbb1c10a6
Size

6.9MB
Sample

221113-sn4edsef6w
MD5

1739771ffcd2da82e7a9eccc06bd55d9
SHA1

46203ea60409869f9bf41faf4f96d43df5ad5bb0
SHA256

3f0bb49d1d57056e70552c93ecaa2a25da1915cf94f1ac6f4bba541bbb1c10a6
SHA512

5f6f06cc4a5eb136d7b34585f10d8a8cd1664012e6894b0fea751d3d8e6e4f2f4a77ef0666188928fc726e1de14759b5d4fa38bcdcae3e1979f377a99c99b791
SSDEEP

24576:2hWQHYVfcGeRgIGUjfA/p2/fqYPdcBhGY/Zp+1yeByyiOzXUPrCD:kWQH/E/sqh9+Fyy9X

Score

10^/10

raccoon dbffbdbc9786a5c270e6dd2d647e18ea spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

dbffbdbc9786a5c270e6dd2d647e18ea

C2

http://79.137.205.87/

rc4.plain

Targets

- Target
  
  3f0bb49d1d57056e70552c93ecaa2a25da1915cf94f1ac6f4bba541bbb1c10a6
- Size
  
  6.9MB
- MD5
  
  1739771ffcd2da82e7a9eccc06bd55d9
- SHA1
  
  46203ea60409869f9bf41faf4f96d43df5ad5bb0
- SHA256
  
  3f0bb49d1d57056e70552c93ecaa2a25da1915cf94f1ac6f4bba541bbb1c10a6
- SHA512
  
  5f6f06cc4a5eb136d7b34585f10d8a8cd1664012e6894b0fea751d3d8e6e4f2f4a77ef0666188928fc726e1de14759b5d4fa38bcdcae3e1979f377a99c99b791
- SSDEEP
  
  24576:2hWQHYVfcGeRgIGUjfA/p2/fqYPdcBhGY/Zp+1yeByyiOzXUPrCD:kWQH/E/sqh9+Fyy9X
Score

10^/10

raccoon dbffbdbc9786a5c270e6dd2d647e18ea spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoondbffbdbc9786a5c270e6dd2d647e18easpywarestealer