raccoon | 2dc208676683cc2dff3f2becd34cdef58674ed005c5874e869febf14ccf19e4b | Triage

Submit
Reports

Overview

overview

Static

static

2dc2086766...4b.exe

windows7-x64

2dc2086766...4b.exe

windows10-2004-x64

Sharing

General

Target

2dc208676683cc2dff3f2becd34cdef58674ed005c5874e869febf14ccf19e4b
Size

1.2MB
Sample

230129-za9sksdf6y
MD5

ce0d15c11868233b850b36d86dc8651a
SHA1

14f06ff1b3033f97c8f252c1d952426d2398ddae
SHA256

2dc208676683cc2dff3f2becd34cdef58674ed005c5874e869febf14ccf19e4b
SHA512

dd92a71a9300baa6c1dee29625a607348793def280abc1ed36f33512467d6d85f2103e3eac1044e4922b69a9e9ba0739db316c0d98897b055cea51fe597db88f
SSDEEP

24576:KLlgAiobVAshIxxKyTemQHCEd2lAswDCu6U:Ky+h+xTe5iEd2lAswIU

Score

10^/10

raccoon adb6a99d53fb88528fc8a8d19ec6a8e44d08bb95 evasion persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

2dc208676683cc2dff3f2becd34cdef58674ed005c5874e869febf14ccf19e4b.exe

Resource

win7-20220812-en

raccoon adb6a99d53fb88528fc8a8d19ec6a8e44d08bb95 evasion stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2dc208676683cc2dff3f2becd34cdef58674ed005c5874e869febf14ccf19e4b.exe

Resource

win10v2004-20221111-en

raccoon adb6a99d53fb88528fc8a8d19ec6a8e44d08bb95 persistence stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Version

1.7.2

Botnet

adb6a99d53fb88528fc8a8d19ec6a8e44d08bb95

Attributes

url4cnc
https://telete.in/h_croka12_1

rc4.plain

rc4.plain

Targets

- Target
  
  2dc208676683cc2dff3f2becd34cdef58674ed005c5874e869febf14ccf19e4b
- Size
  
  1.2MB
- MD5
  
  ce0d15c11868233b850b36d86dc8651a
- SHA1
  
  14f06ff1b3033f97c8f252c1d952426d2398ddae
- SHA256
  
  2dc208676683cc2dff3f2becd34cdef58674ed005c5874e869febf14ccf19e4b
- SHA512
  
  dd92a71a9300baa6c1dee29625a607348793def280abc1ed36f33512467d6d85f2103e3eac1044e4922b69a9e9ba0739db316c0d98897b055cea51fe597db88f
- SSDEEP
  
  24576:KLlgAiobVAshIxxKyTemQHCEd2lAswDCu6U:Ky+h+xTe5iEd2lAswIU
Score

10^/10

raccoon adb6a99d53fb88528fc8a8d19ec6a8e44d08bb95 evasion stealer trojan persistence
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

raccoonadb6a99d53fb88528fc8a8d19ec6a8e44d08bb95evasionstealertrojan

behavioral2

raccoonadb6a99d53fb88528fc8a8d19ec6a8e44d08bb95persistencestealer

© 2018-2024

Terms | Privacy