raccoon | 4d18cd22365f3f3d714fca4a674014fc7a68d6029da4c53a94fe950189f9c956 | Triage

Submit
Reports

Overview

overview

Static

static

7

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

NewstVersion_1234_InstallerPass.rar
Size

4MB
Sample

221220-qs8hsshe99
MD5

cda1504b1d4004c8bf3b90b9035ebeb8
SHA1

46832d82bc25c7363f32b3473872936e97cfe990
SHA256

4d18cd22365f3f3d714fca4a674014fc7a68d6029da4c53a94fe950189f9c956
SHA512

3932b135f10e2cf84811fb462b4dc9e804883fb6aed2262848dcf543515a00e5b14728d8c700286402b5232083b394c1180e4c55ddd383ba1de03731eb00dd5c
SSDEEP

98304:8/W8ZSAQXOhvyrvtrfyz7bpVs6pOohZsKRPm5:8u8kA0OhqRrKz3Ee5RO5

Score

10^/10

raccoon b4f472421ce1f18efd9f610339c3dae1 evasion stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20220812-en

raccoon b4f472421ce1f18efd9f610339c3dae1 evasion stealer themida trojan

windows7-x64

8 signatures

300 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20220812-en

raccoon b4f472421ce1f18efd9f610339c3dae1 evasion stealer themida trojan

windows10-2004-x64

10 signatures

300 seconds

Malware Config

Extracted

Family

raccoon

Botnet

b4f472421ce1f18efd9f610339c3dae1

C2

http://77.73.134.30/

rc4.plain

Targets

- Target
  
  Setup.exe
- Size
  
  427MB
- MD5
  
  9d2b9885fdb0885ac11bd944c86c4655
- SHA1
  
  eeeebef1fd514f1b697158c990ba94b9c752374c
- SHA256
  
  ef70efe0a3cd860831657fa7ee8d832d49c8d8489df4b35d2480cc043bbb1b04
- SHA512
  
  6ca0fe74cec6b22e9d9da927614cfed8440d153f8852fc938b7f156b95c29ddca7b652557635ebb6aa7197ad37c0a09d475deedddc44316ddac929cdac7b4813
- SSDEEP
  
  98304:b8vH233wZUFkCNauJm+UPp7WMZwa/jOTN:bowwP+UxaMZxbOT
Score

10^/10

raccoon b4f472421ce1f18efd9f610339c3dae1 evasion stealer themida trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonb4f472421ce1f18efd9f610339c3dae1evasionstealerthemidatrojan

behavioral2

raccoonb4f472421ce1f18efd9f610339c3dae1evasionstealerthemidatrojan

© 2018-2023

Terms | Privacy