raccoon | da992304f79b12d5f24f1adc41c7164146a484c84ae7858bf862f433fae7b5fb | Triage

Submit
Reports

Overview

overview

Static

static

ChromeSetup.exe

windows7-x64

ChromeSetup.exe

windows10-2004-x64

Sharing

General

Target

ChromeSetup.iso
Size

335.8MB
Sample

221216-pzp5cseg23
MD5

1bcee54c55350a70e04534ea656c9f81
SHA1

85f3662015ab248ae9a807787e49d1f4ee74d96d
SHA256

da992304f79b12d5f24f1adc41c7164146a484c84ae7858bf862f433fae7b5fb
SHA512

b030cbb62c2a0dbde77641a1b96e3a24a0a7d2c8fdb0780ca074b69d4684dfe402ad43fbe95af3a4c662744f71bef504f646580eda3bf4320dc4eac9c1dbfc7f
SSDEEP

49152:XA2V4sA5q3dE0FLynxOE8ucNGkiLAiB6VoI36Bj08Qdk:XA9WE0UJkiEpZ36Bvr

Score

10^/10

raccoon 97ba7f533329d8e5450500fe0b5beb39 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ChromeSetup.exe

Resource

win7-20221111-en

raccoon 97ba7f533329d8e5450500fe0b5beb39 stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

ChromeSetup.exe

Resource

win10v2004-20220901-en

raccoon 97ba7f533329d8e5450500fe0b5beb39 discovery spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

97ba7f533329d8e5450500fe0b5beb39

C2

http://94.131.98.162/

rc4.plain

Targets

- Target
  
  ChromeSetup.exe
- Size
  
  335.3MB
- MD5
  
  6332e0bfbd291e2e5eb975fe505a41bb
- SHA1
  
  21aa54aac93983b7dfeb99ec5d7b0a171f878c41
- SHA256
  
  7aa136cc562458b6b08662f4229c81253abdcb9fae7a12e74624e62558cd3d63
- SHA512
  
  dff55fb17c9a1acd47b9cc63fc14aa317b95c8d293ea73448844db733a45b2554cf2f3d29d4500d658c1e7ae69f6e2b4b3e0624e6b753c94296db58f776ce299
- SSDEEP
  
  49152:pA2V4sA5q3dE0FLynxOE8ucNGkiLAiB6VoI36Bj08Qdk:pA9WE0UJkiEpZ36Bvr
Score

10^/10

raccoon 97ba7f533329d8e5450500fe0b5beb39 stealer discovery spyware
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon97ba7f533329d8e5450500fe0b5beb39stealer

behavioral2

raccoon97ba7f533329d8e5450500fe0b5beb39discoveryspywarestealer

© 2018-2024

Terms | Privacy