raccoon | 8afe2857096c348a787abff7ba7739fdb8f4c82bf0fae6c14a80204e69df1788 | Triage

Sharing

General

Target

8afe2857096c348a787abff7ba7739fdb8f4c82bf0fae6c14a80204e69df1788
Size

976KB
Sample

221114-fmznlaeh75
MD5

ac039cca27fd7d9b40dea205b4527a79
SHA1

d36779a4613a108ffa5bc1e1e0fa80ba4b6f9130
SHA256

8afe2857096c348a787abff7ba7739fdb8f4c82bf0fae6c14a80204e69df1788
SHA512

6f8cf94d4df8b15300444622dea0537270062e3d64ee505b3ea4e51b492c9610495c0bf3ae9ece5d0b300265cc81123f4750c4ee98e55b5db38618857f3cb6de
SSDEEP

1536:hWoMfU1jzwxqdGqIOg1QNGia+df3WqRpngsW2pxPeM+Xtveu2mik2qR+:aU14qdSC3Td3WCng3OP+X12mZ2q

Score

10^/10

raccoon dbffbdbc9786a5c270e6dd2d647e18ea discovery spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

dbffbdbc9786a5c270e6dd2d647e18ea

C2

http://79.137.205.87/

rc4.plain

Targets

- Target
  
  8afe2857096c348a787abff7ba7739fdb8f4c82bf0fae6c14a80204e69df1788
- Size
  
  976KB
- MD5
  
  ac039cca27fd7d9b40dea205b4527a79
- SHA1
  
  d36779a4613a108ffa5bc1e1e0fa80ba4b6f9130
- SHA256
  
  8afe2857096c348a787abff7ba7739fdb8f4c82bf0fae6c14a80204e69df1788
- SHA512
  
  6f8cf94d4df8b15300444622dea0537270062e3d64ee505b3ea4e51b492c9610495c0bf3ae9ece5d0b300265cc81123f4750c4ee98e55b5db38618857f3cb6de
- SSDEEP
  
  1536:hWoMfU1jzwxqdGqIOg1QNGia+df3WqRpngsW2pxPeM+Xtveu2mik2qR+:aU14qdSC3Td3WCng3OP+X12mZ2q
Score

10^/10

raccoon dbffbdbc9786a5c270e6dd2d647e18ea discovery spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoondbffbdbc9786a5c270e6dd2d647e18eadiscoveryspywarestealer

behavioral2

raccoondbffbdbc9786a5c270e6dd2d647e18eadiscoveryspywarestealer