raccoon | 188314f98001d8dab68065dbd36ac6fb16f1f1869a7b2eed38572f2c8e21aaf6 | Triage

Sharing

General

Target

setupsoftapp19.0.zip
Size

2.8MB
Sample

230127-tvsf5sde4s
MD5

cdbdd350932443f101f91741a92ffe07
SHA1

ca5139f857e68505c11e495a250f309a87844890
SHA256

188314f98001d8dab68065dbd36ac6fb16f1f1869a7b2eed38572f2c8e21aaf6
SHA512

2942f81f43cb3de047a0f5cfabbb444a796ef3fa5e8f4345e911d6730741ffc1628a5250dad38dc87a7fc6d103dc71ec7f7b2c6f31eec1ad2ac8a933cff7197b
SSDEEP

49152:SqQQQUfpL0cBuZa3Vu49nWrrn+hW9vlusDFX0+56Q6P+HdttHy:bQShL0WcB49nWrrN9YoFk+56n2HdHS

Score

10^/10

raccoon 3f4a8564e5026a245d6974b020b3f6de persistence spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

3f4a8564e5026a245d6974b020b3f6de

C2

http://45.15.156.225/

rc4.plain

Targets

- Target
  
  setupsoftapp19.0/setupsoftapp19.0.exe
- Size
  
  662.6MB
- MD5
  
  7e3b388e559cd52d89365b77809df136
- SHA1
  
  e8dfcabcc2dfa7d803065d19b1922e08285bba93
- SHA256
  
  1c45a3aadd842b6c8c1e2920a270cc0a23493cee81d1d1833e4471a1c72973a5
- SHA512
  
  cebddf2f8b202f5e045bbaa74a3c3527f5fe8ee6352780217fd8413cb173d6ae164a76beeabd4a9da8633e51852528b70478ff4dacf2db588f9e869e54c1ec15
- SSDEEP
  
  12288:/MqhiSc4GDW93i1m3ZarAxxHuAK9MYCDAOmCLwY7NZ/zj6hmS6H1tp6S979ESZGt:Hzcow15KyA751q
Score

10^/10

raccoon 3f4a8564e5026a245d6974b020b3f6de persistence spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

raccoon3f4a8564e5026a245d6974b020b3f6depersistencespywarestealer