raccoon | hxxps://we[.]tl/t-5Ausz7WwmF | Triage

Submit
Reports

Overview

overview

Static

static

URLScan

urlscan

https://we.tl/t-5Aus...

windows10-2004-x64

Sharing

General

Target

https://we.tl/t-5Ausz7WwmF
Sample

230131-wbxmvsbc8v

Score

10^/10

raccoon 4e27b39e9aaa6403f36702b4d66f5024 stealer

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://we.tl/t-5Ausz7WwmF

Resource

win10v2004-20221111-es

raccoon 4e27b39e9aaa6403f36702b4d66f5024 stealer

windows10-2004-x64

18 signatures

300 seconds

Malware Config

Extracted

Family

raccoon

Botnet

4e27b39e9aaa6403f36702b4d66f5024

C2

http://94.142.138.10/

http://94.142.138.9/

rc4.plain

Targets

- Target
  
  https://we.tl/t-5Ausz7WwmF
Score

10^/10

raccoon 4e27b39e9aaa6403f36702b4d66f5024 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

raccoon4e27b39e9aaa6403f36702b4d66f5024stealer

© 2018-2024

Terms | Privacy