raccoon

General

Target

ChromeSetup.iso
Size

335.8MB
Sample

221216-pzp5cseg23
MD5

1bcee54c55350a70e04534ea656c9f81
SHA1

85f3662015ab248ae9a807787e49d1f4ee74d96d
SHA256

da992304f79b12d5f24f1adc41c7164146a484c84ae7858bf862f433fae7b5fb
SHA512

b030cbb62c2a0dbde77641a1b96e3a24a0a7d2c8fdb0780ca074b69d4684dfe402ad43fbe95af3a4c662744f71bef504f646580eda3bf4320dc4eac9c1dbfc7f
SSDEEP

49152:XA2V4sA5q3dE0FLynxOE8ucNGkiLAiB6VoI36Bj08Qdk:XA9WE0UJkiEpZ36Bvr

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

97ba7f533329d8e5450500fe0b5beb39

C2

http://94.131.98.162/

rc4.plain

Targets

- Target
  
  ChromeSetup.exe
- Size
  
  335.3MB
- MD5
  
  6332e0bfbd291e2e5eb975fe505a41bb
- SHA1
  
  21aa54aac93983b7dfeb99ec5d7b0a171f878c41
- SHA256
  
  7aa136cc562458b6b08662f4229c81253abdcb9fae7a12e74624e62558cd3d63
- SHA512
  
  dff55fb17c9a1acd47b9cc63fc14aa317b95c8d293ea73448844db733a45b2554cf2f3d29d4500d658c1e7ae69f6e2b4b3e0624e6b753c94296db58f776ce299
- SSDEEP
  
  49152:pA2V4sA5q3dE0FLynxOE8ucNGkiLAiB6VoI36Bj08Qdk:pA9WE0UJkiEpZ36Bvr
Score

10^/10

raccoon 97ba7f533329d8e5450500fe0b5beb39 stealer discovery spyware
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2