raccoon | 0c346b8657a834a536575fb82a6b9ee37c738547fb2e4de821917d9131ec3fe2 | Triage

Sharing

General

Target

file.exe
Size

676KB
Sample

230129-z8fmdseg3t
MD5

86f5fc4c4e892540dd55816b592e6acc
SHA1

72ddfd7b2be3c8c0f8ef61024c815f6bf9c89291
SHA256

0c346b8657a834a536575fb82a6b9ee37c738547fb2e4de821917d9131ec3fe2
SHA512

9f6b15b2aee343bc92b38a91ada6758363f10638f3447ce945fbb8422a85297542d5453aa2ba51264a257eaa13eb28665b2e17ae8735b59fd08be67a979d11aa
SSDEEP

12288:28BR8ZROp7Z9Go5k25A0qkVUtNB22/+qaSaLMJfTE6EpcK:2e4o7G0k2bVUtNB523rSTE6Yj

Score

10^/10

raccoon 04f8fa0bf52b1b98a127f6deeac54f84 spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

04f8fa0bf52b1b98a127f6deeac54f84

C2

http://94.131.3.70/

http://83.217.11.11/

http://83.217.11.13/

http://83.217.11.14/

http://45.15.156.222/

rc4.plain

Targets

- Target
  
  file.exe
- Size
  
  676KB
- MD5
  
  86f5fc4c4e892540dd55816b592e6acc
- SHA1
  
  72ddfd7b2be3c8c0f8ef61024c815f6bf9c89291
- SHA256
  
  0c346b8657a834a536575fb82a6b9ee37c738547fb2e4de821917d9131ec3fe2
- SHA512
  
  9f6b15b2aee343bc92b38a91ada6758363f10638f3447ce945fbb8422a85297542d5453aa2ba51264a257eaa13eb28665b2e17ae8735b59fd08be67a979d11aa
- SSDEEP
  
  12288:28BR8ZROp7Z9Go5k25A0qkVUtNB22/+qaSaLMJfTE6EpcK:2e4o7G0k2bVUtNB523rSTE6Yj
Score

10^/10

raccoon 04f8fa0bf52b1b98a127f6deeac54f84 stealer spyware
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon04f8fa0bf52b1b98a127f6deeac54f84stealer

behavioral2

raccoon04f8fa0bf52b1b98a127f6deeac54f84spywarestealer