raccoon

General

Target

012ee0a23c40935a627a248029f84a66
Size

1.9MB
Sample

230116-fb6mrsdc7z
MD5

012ee0a23c40935a627a248029f84a66
SHA1

9411b6efcc469a2e65f15ea80a6d99b513fe6f15
SHA256

e2727341a73bf1324e5fc78bb7513d1b48a51e5c0b9e70ada664d889e84d4cbe
SHA512

fb0a1ef699ac05f89f873274c0b25523613df9fb7eef9d9f4c3d57aa413bc176d7b8d5d29166903e278be0d2a5aefdc9d30e7ca65391436beeb4ebd047416d0d
SSDEEP

49152:I9LbZ45uXKuE+mkrPUZ7K+9KcWXTkm4aMD6ICO6k:ALbQAKuElkrPUZ7K+kZj3tMD6Ix

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

db93e0d0875ba0f35b0afd8258337565

C2

http://94.131.3.70/

rc4.plain

Targets

- Target
  
  012ee0a23c40935a627a248029f84a66
- Size
  
  1.9MB
- MD5
  
  012ee0a23c40935a627a248029f84a66
- SHA1
  
  9411b6efcc469a2e65f15ea80a6d99b513fe6f15
- SHA256
  
  e2727341a73bf1324e5fc78bb7513d1b48a51e5c0b9e70ada664d889e84d4cbe
- SHA512
  
  fb0a1ef699ac05f89f873274c0b25523613df9fb7eef9d9f4c3d57aa413bc176d7b8d5d29166903e278be0d2a5aefdc9d30e7ca65391436beeb4ebd047416d0d
- SSDEEP
  
  49152:I9LbZ45uXKuE+mkrPUZ7K+9KcWXTkm4aMD6ICO6k:ALbQAKuElkrPUZ7K+kZj3tMD6Ix
Score

10^/10

raccoon db93e0d0875ba0f35b0afd8258337565 evasion stealer themida trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2