raccoon | 41686ad7861e37227ef1e467c075c844beee3e7c5fbdf9fbad39b9172f4a0c23 | Triage

Sharing

General

Target

file.exe
Size

141KB
Sample

221115-rsz24aec68
MD5

13fd3c9cd13274dc2c442e340ba6d42b
SHA1

57f9dd829648ac3c123d3922231b343a27e03166
SHA256

41686ad7861e37227ef1e467c075c844beee3e7c5fbdf9fbad39b9172f4a0c23
SHA512

fc8f2b13f618390d5176afc441f3ba2f1265f7706273507634fdc7c5b125f4f5d5fa2d3d6b41ac04c7c53fe36dda631214982b16836657e3605c8fbbbe69a682
SSDEEP

3072:DpubsXR144r2Qey6tIxFFYNcTxnZ/2y9Ua:DW4b4QpKtIxFFpFncVa

Score

10^/10

raccoon 53508e7dc4e08bd33122d190a04a1200 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

53508e7dc4e08bd33122d190a04a1200

C2

http://45.15.156.105/

rc4.plain

Targets

- Target
  
  file.exe
- Size
  
  141KB
- MD5
  
  13fd3c9cd13274dc2c442e340ba6d42b
- SHA1
  
  57f9dd829648ac3c123d3922231b343a27e03166
- SHA256
  
  41686ad7861e37227ef1e467c075c844beee3e7c5fbdf9fbad39b9172f4a0c23
- SHA512
  
  fc8f2b13f618390d5176afc441f3ba2f1265f7706273507634fdc7c5b125f4f5d5fa2d3d6b41ac04c7c53fe36dda631214982b16836657e3605c8fbbbe69a682
- SSDEEP
  
  3072:DpubsXR144r2Qey6tIxFFYNcTxnZ/2y9Ua:DW4b4QpKtIxFFpFncVa
Score

10^/10

raccoon 53508e7dc4e08bd33122d190a04a1200 spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon53508e7dc4e08bd33122d190a04a1200spywarestealer

behavioral2

raccoon53508e7dc4e08bd33122d190a04a1200stealer