raccoon | 5a53c1d7e6761dbe6b6ae5788cc6ffbbe78794d1eabc736251cce47c13ccfcc3 | Triage

Sharing

General

Target

tmp
Size

737KB
Sample

230218-p4dbcscb94
MD5

8d013b4129e9f90f841a494190847b31
SHA1

53cefb2945a37889b5442cc45aea28dea8a5ac22
SHA256

5a53c1d7e6761dbe6b6ae5788cc6ffbbe78794d1eabc736251cce47c13ccfcc3
SHA512

c9152eb756d1d7ecf988c275365bb4bc4e7de7286a00893b9814d65bd6693e25be9509e1f3829db93bec629c6a9cec9252f645858bef0f6ee221b913da20dfbb
SSDEEP

12288:OS7vhV8dsyhucBzpzsr84zykKlj1tQowfxAiMNCXMfoufjuKLtnY3jIqP:VVEspUzxs4+Wlj1TZnJfo2TwEqP

Score

10^/10

raccoon 61a50d0da0e17c26716a9c0c62e3aa4b persistence stealer

Malware Config

Extracted

Family

raccoon

Botnet

61a50d0da0e17c26716a9c0c62e3aa4b

C2

http://31.41.244.153

rc4.plain

Targets

- Target
  
  tmp
- Size
  
  737KB
- MD5
  
  8d013b4129e9f90f841a494190847b31
- SHA1
  
  53cefb2945a37889b5442cc45aea28dea8a5ac22
- SHA256
  
  5a53c1d7e6761dbe6b6ae5788cc6ffbbe78794d1eabc736251cce47c13ccfcc3
- SHA512
  
  c9152eb756d1d7ecf988c275365bb4bc4e7de7286a00893b9814d65bd6693e25be9509e1f3829db93bec629c6a9cec9252f645858bef0f6ee221b913da20dfbb
- SSDEEP
  
  12288:OS7vhV8dsyhucBzpzsr84zykKlj1tQowfxAiMNCXMfoufjuKLtnY3jIqP:VVEspUzxs4+Wlj1TZnJfo2TwEqP
Score

10^/10

persistence raccoon 61a50d0da0e17c26716a9c0c62e3aa4b stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

raccoon61a50d0da0e17c26716a9c0c62e3aa4bpersistencestealer