raccoon | 8413e18f4f81fedd8ff3507d1d5c98124a2ecce21a743e0e5f0ee810bcb88a04 | Triage

Submit
Reports

Overview

overview

Static

static

File-Set-Up_PC.exe

windows10-1703-x64

Sharing

General

Target

File-Set-Up_PC.exe
Size

726.8MB
Sample

230131-mjvc2ahf9y
MD5

c26f79088276bb0d3d8331bf2a1aa254
SHA1

da5820a87543571ca684d1d0a7271143972ae77e
SHA256

8413e18f4f81fedd8ff3507d1d5c98124a2ecce21a743e0e5f0ee810bcb88a04
SHA512

7c3484e0f43a7ecf6141021fdafaa8aa18a10ce7838da86a1931ee5e8f87227addf8b12a8e3cfb5980358942b7fd6c44d44198471212fc9cd8d5ce62b9b1cda4
SSDEEP

196608:GGwDS7B4Xg1IJkXPMo4fZSM+kvV32DpW/b/Cs:GGBV4Xg1IJkf8wkvOsL

Score

10^/10

raccoon 8c3e4aa007fb2f2defacc1f952806f72 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

File-Set-Up_PC.exe

Resource

win10-20220812-es

raccoon 8c3e4aa007fb2f2defacc1f952806f72 discovery spyware stealer

windows10-1703-x64

20 signatures

1800 seconds

Malware Config

Extracted

Family

raccoon

Botnet

8c3e4aa007fb2f2defacc1f952806f72

C2

http://85.192.40.253/

http://170.75.160.9/

http://79.137.195.240/

rc4.plain

Targets

- Target
  
  File-Set-Up_PC.exe
- Size
  
  726.8MB
- MD5
  
  c26f79088276bb0d3d8331bf2a1aa254
- SHA1
  
  da5820a87543571ca684d1d0a7271143972ae77e
- SHA256
  
  8413e18f4f81fedd8ff3507d1d5c98124a2ecce21a743e0e5f0ee810bcb88a04
- SHA512
  
  7c3484e0f43a7ecf6141021fdafaa8aa18a10ce7838da86a1931ee5e8f87227addf8b12a8e3cfb5980358942b7fd6c44d44198471212fc9cd8d5ce62b9b1cda4
- SSDEEP
  
  196608:GGwDS7B4Xg1IJkXPMo4fZSM+kvV32DpW/b/Cs:GGBV4Xg1IJkf8wkvOsL
Score

10^/10

raccoon 8c3e4aa007fb2f2defacc1f952806f72 discovery spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon8c3e4aa007fb2f2defacc1f952806f72discoveryspywarestealer

© 2018-2024

Terms | Privacy