raccoon | 086597278e12f85f681434711e5c61d4ab0ae8637eb02da51980c381428144f5 | Triage

Submit
Reports

Overview

overview

Static

static

1

Adobe Reader W10.exe

windows10-2004-x64

Sharing

General

Target

Adobe Reader W10.exe
Size

170.7MB
Sample

230204-29ahwaad3z
MD5

335e91e2cb652048ba440411b9f8f2c6
SHA1

600262a0d18d9ab6142ab7c669057fbcc4da0bd9
SHA256

086597278e12f85f681434711e5c61d4ab0ae8637eb02da51980c381428144f5
SHA512

627892316329ec3fa2051579992d99ace6c90253f45468d9512528107875444b9e7f55bbb67059e5028aac47585c2edb9425fe3d7c9a6ad663a5cb3a471e2e71
SSDEEP

3145728:zzq68nRPiL6n6hokae38T37ewj/FR5HGhd34WR3W8fEbc2fjX5HGOfpWaJRlpxNq:zG6wRiWYokaeMT37Z9nHGf34WV3fEYo3

Score

10^/10

raccoon evasion persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Adobe Reader W10.exe

Resource

win10v2004-20220812-es

raccoon evasion persistence stealer trojan

windows10-2004-x64

25 signatures

300 seconds

Malware Config

Targets

- Target
  
  Adobe Reader W10.exe
- Size
  
  170.7MB
- MD5
  
  335e91e2cb652048ba440411b9f8f2c6
- SHA1
  
  600262a0d18d9ab6142ab7c669057fbcc4da0bd9
- SHA256
  
  086597278e12f85f681434711e5c61d4ab0ae8637eb02da51980c381428144f5
- SHA512
  
  627892316329ec3fa2051579992d99ace6c90253f45468d9512528107875444b9e7f55bbb67059e5028aac47585c2edb9425fe3d7c9a6ad663a5cb3a471e2e71
- SSDEEP
  
  3145728:zzq68nRPiL6n6hokae38T37ewj/FR5HGhd34WR3W8fEbc2fjX5HGOfpWaJRlpxNq:zG6wRiWYokaeMT37Z9nHGf34WV3fEYo3
Score

10^/10

raccoon evasion persistence stealer trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Blocklisted process makes network request
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonevasionpersistencestealertrojan

© 2018-2024

Terms | Privacy