raccoon | 26cb5be0ae5f89583845a9356dc92637974c0d05951cb52f21865c7b659ff26a | Triage

Sharing

General

Target

file.exe
Size

8.3MB
Sample

221202-s4tj5abd73
MD5

28cfaceff27b7b3f38c6cea6a4749158
SHA1

6f7e102986704634a4cc59418a3d6c3aa3245aed
SHA256

26cb5be0ae5f89583845a9356dc92637974c0d05951cb52f21865c7b659ff26a
SHA512

46e6011df46ebf05db86981f42390fd60d5ae3ed8ad1fd19f6f342011ba68392cadd3028931e83d3430914a5473133471a20161b2c9de62f0be1090b6217d402
SSDEEP

196608:/1Cb1InlEuQSJWKOpGUQwVLu7kOBu/d1oetOekv6J:/1Cb+lEutJFOpGUQwV6aoetRJ

Score

10^/10

raccoon 64b445f2d85b7aeb3d5c7b23112d6ac3 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

64b445f2d85b7aeb3d5c7b23112d6ac3

C2

http://45.15.156.105/

rc4.plain

Targets

- Target
  
  file.exe
- Size
  
  8.3MB
- MD5
  
  28cfaceff27b7b3f38c6cea6a4749158
- SHA1
  
  6f7e102986704634a4cc59418a3d6c3aa3245aed
- SHA256
  
  26cb5be0ae5f89583845a9356dc92637974c0d05951cb52f21865c7b659ff26a
- SHA512
  
  46e6011df46ebf05db86981f42390fd60d5ae3ed8ad1fd19f6f342011ba68392cadd3028931e83d3430914a5473133471a20161b2c9de62f0be1090b6217d402
- SSDEEP
  
  196608:/1Cb1InlEuQSJWKOpGUQwVLu7kOBu/d1oetOekv6J:/1Cb+lEutJFOpGUQwV6aoetRJ
Score

10^/10

raccoon 64b445f2d85b7aeb3d5c7b23112d6ac3 stealer spyware
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon64b445f2d85b7aeb3d5c7b23112d6ac3stealer

behavioral2

raccoon64b445f2d85b7aeb3d5c7b23112d6ac3spywarestealer