raccoon | ae92d476788fccd569d64f051717bc7632abea99bb229bc11daa41543847ff92 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

272KB
Sample

221128-sy682ade49
MD5

1b41c5a775c3b68a574a1ee62a030482
SHA1

c4286a02cef642ae98a2ec9de11fcc442264b644
SHA256

ae92d476788fccd569d64f051717bc7632abea99bb229bc11daa41543847ff92
SHA512

16fb5021f4aa135200bb278866ec4c557f2e79b59cff975aa8db7fa8b1ee6cde6e24a366a6741514a44b3aed208ccf52137a1c65dd3c7186397e0df10657930a
SSDEEP

6144:A+fWFvImGHdeao7p1t+nHduVFvg4/FQF:AjFvIfIao7Tt3DgSm

Score

10^/10

raccoon smokeloader ac3d98d56818de8ac1c6d9d84122c3d5 backdoor stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20221111-en

smokeloader backdoor trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20221111-en

raccoon smokeloader ac3d98d56818de8ac1c6d9d84122c3d5 backdoor stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

ac3d98d56818de8ac1c6d9d84122c3d5

C2

http://65.108.248.168

rc4.plain

Targets

- Target
  
  file.exe
- Size
  
  272KB
- MD5
  
  1b41c5a775c3b68a574a1ee62a030482
- SHA1
  
  c4286a02cef642ae98a2ec9de11fcc442264b644
- SHA256
  
  ae92d476788fccd569d64f051717bc7632abea99bb229bc11daa41543847ff92
- SHA512
  
  16fb5021f4aa135200bb278866ec4c557f2e79b59cff975aa8db7fa8b1ee6cde6e24a366a6741514a44b3aed208ccf52137a1c65dd3c7186397e0df10657930a
- SSDEEP
  
  6144:A+fWFvImGHdeao7p1t+nHduVFvg4/FQF:AjFvIfIao7Tt3DgSm
Score

10^/10

smokeloader backdoor trojan raccoon ac3d98d56818de8ac1c6d9d84122c3d5 stealer
- Detects Smokeloader packer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

raccoonsmokeloaderac3d98d56818de8ac1c6d9d84122c3d5backdoorstealertrojan

© 2018-2024

Terms | Privacy