raccoon | 77860ceeea9d024405a1ceb41a347159a49c9dcf480bcf7fb1272eda405e52b6 | Triage

Sharing

General

Target

77860ceeea9d024405a1ceb41a347159a49c9dcf480bcf7fb1272eda405e52b6
Size

1.3MB
Sample

221115-17gczaca9t
MD5

e183a2b4a47cd6e1e922b987450216f8
SHA1

81af106bc20dbff1c3892a88134f52d0a10f5159
SHA256

77860ceeea9d024405a1ceb41a347159a49c9dcf480bcf7fb1272eda405e52b6
SHA512

d2220161f3f5ad91729cc075dae7ad0956b04eb4013d47c50a3ff6ca2c2ef5bf2c2f9ff380c7f952c39480d3c667ac3c1f8f3269515d51fc5e589a07f496f0a7
SSDEEP

24576:qRx5NbwcVMH76k9dwyCSXkWEjvp/MMbEwDLpRFm0m/WOlwAydyKJb0D:qRxYPYSXFEjx0CbDLpR4TuGIbJ

Score

10^/10

raccoon dbffbdbc9786a5c270e6dd2d647e18ea spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

dbffbdbc9786a5c270e6dd2d647e18ea

C2

http://79.137.205.87/

rc4.plain

Targets

- Target
  
  77860ceeea9d024405a1ceb41a347159a49c9dcf480bcf7fb1272eda405e52b6
- Size
  
  1.3MB
- MD5
  
  e183a2b4a47cd6e1e922b987450216f8
- SHA1
  
  81af106bc20dbff1c3892a88134f52d0a10f5159
- SHA256
  
  77860ceeea9d024405a1ceb41a347159a49c9dcf480bcf7fb1272eda405e52b6
- SHA512
  
  d2220161f3f5ad91729cc075dae7ad0956b04eb4013d47c50a3ff6ca2c2ef5bf2c2f9ff380c7f952c39480d3c667ac3c1f8f3269515d51fc5e589a07f496f0a7
- SSDEEP
  
  24576:qRx5NbwcVMH76k9dwyCSXkWEjvp/MMbEwDLpRFm0m/WOlwAydyKJb0D:qRxYPYSXFEjx0CbDLpR4TuGIbJ
Score

10^/10

raccoon dbffbdbc9786a5c270e6dd2d647e18ea spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

raccoondbffbdbc9786a5c270e6dd2d647e18easpywarestealer