raccoon | 45619f537bc4f0a4e6e29a409c6d5564b9e839a8b01b2752133c97d941ea9fd0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Installer.exe
Size

6.2MB
Sample

221223-24jvcsce4x
MD5

41b6dd93500d0e78f9b4c3b636d95004
SHA1

83378968413eba11f0a69dcdb32b8a789e7b4bd0
SHA256

45619f537bc4f0a4e6e29a409c6d5564b9e839a8b01b2752133c97d941ea9fd0
SHA512

a7a52a69f40cdd87d7ca790835b452af475777f5556dcdc5b164c5bfae6baf1b48b688afe91a8f7b710bb98b02cefbd35052c2d0422c6f7c846ba767b469d3d3
SSDEEP

98304:UrXu/WyjgXH0p6Bpm1pcCRD69sfHZ+HQz5QDDPVrOTf5NEEIGdsWI60cIQfy6mfP:UrXu/WyjgXUIBpm4mD69sfeQzWDDsBm

Score

10^/10

raccoon 64b445f2d85b7aeb3d5c7b23112d6ac3 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

64b445f2d85b7aeb3d5c7b23112d6ac3

C2

http://45.15.156.105/

rc4.plain

Targets

- Target
  
  Installer.exe
- Size
  
  6.2MB
- MD5
  
  41b6dd93500d0e78f9b4c3b636d95004
- SHA1
  
  83378968413eba11f0a69dcdb32b8a789e7b4bd0
- SHA256
  
  45619f537bc4f0a4e6e29a409c6d5564b9e839a8b01b2752133c97d941ea9fd0
- SHA512
  
  a7a52a69f40cdd87d7ca790835b452af475777f5556dcdc5b164c5bfae6baf1b48b688afe91a8f7b710bb98b02cefbd35052c2d0422c6f7c846ba767b469d3d3
- SSDEEP
  
  98304:UrXu/WyjgXH0p6Bpm1pcCRD69sfHZ+HQz5QDDPVrOTf5NEEIGdsWI60cIQfy6mfP:UrXu/WyjgXUIBpm4mD69sfeQzWDDsBm
Score

10^/10

raccoon 64b445f2d85b7aeb3d5c7b23112d6ac3 spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon64b445f2d85b7aeb3d5c7b23112d6ac3spywarestealer

behavioral2

raccoon64b445f2d85b7aeb3d5c7b23112d6ac3spywarestealer