raccoon | 67e48ee9ec9894c670772bd29e179d608f5fcd7d0458590362f87c6bdad22db8 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

67e48ee9ec9894c670772bd29e179d608f5fcd7d0458590362f87c6bdad22db8
Size

194KB
Sample

230122-2expxsbh7v
MD5

0c45befd8113b0b02ef910f3b9f314e4
SHA1

7b1fcb15e6d54b7a4488322853ab6fac106d1b36
SHA256

67e48ee9ec9894c670772bd29e179d608f5fcd7d0458590362f87c6bdad22db8
SHA512

d70251c820ed637bd49ae65f55191a28fe356addab9eaf5af2b3b8e144c6c96de35f2749aed81af7386c9c286a3a35b7316a229e9ce9a252bcc02e9f8d11d1f6
SSDEEP

3072:kBN0X6eVz9yL2wGdH5Uv7iL/S16s761j8dxyrlrbslnakU5skepvP:8i+L2FdizT16se1j8dxIlrwlPtkwP

Score

10^/10

raccoon smokeloader 94c54520400750937a6f1bf6044f8667 backdoor stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

67e48ee9ec9894c670772bd29e179d608f5fcd7d0458590362f87c6bdad22db8.exe

Resource

win10v2004-20221111-en

raccoon smokeloader 94c54520400750937a6f1bf6044f8667 backdoor stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

94c54520400750937a6f1bf6044f8667

C2

http://185.181.10.208/

rc4.plain

Targets

- Target
  
  67e48ee9ec9894c670772bd29e179d608f5fcd7d0458590362f87c6bdad22db8
- Size
  
  194KB
- MD5
  
  0c45befd8113b0b02ef910f3b9f314e4
- SHA1
  
  7b1fcb15e6d54b7a4488322853ab6fac106d1b36
- SHA256
  
  67e48ee9ec9894c670772bd29e179d608f5fcd7d0458590362f87c6bdad22db8
- SHA512
  
  d70251c820ed637bd49ae65f55191a28fe356addab9eaf5af2b3b8e144c6c96de35f2749aed81af7386c9c286a3a35b7316a229e9ce9a252bcc02e9f8d11d1f6
- SSDEEP
  
  3072:kBN0X6eVz9yL2wGdH5Uv7iL/S16s761j8dxyrlrbslnakU5skepvP:8i+L2FdizT16se1j8dxIlrwlPtkwP
Score

10^/10

raccoon smokeloader 94c54520400750937a6f1bf6044f8667 backdoor stealer trojan
- Detects Smokeloader packer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonsmokeloader94c54520400750937a6f1bf6044f8667backdoorstealertrojan

© 2018-2024

Terms | Privacy