raccoon

Sharing

Copy URL

Twitter E-mail

General

Target

Software.zip
Size

22.1MB
Sample

230221-jncr1aea68
MD5

e1b1893e70b506951562ff4b799d5707
SHA1

0e044b8455cc55aaa0e25fabda4e9955a93d355b
SHA256

184c0d536e94e802fbadccc66915ae865c98134fe968e3bbc3bdb49378b37dce
SHA512

c4e4a26a667b8b6bdd39cc96fd5239289bfe9b2178d1900ac2567969f7b7d00cbbab389f6743900fcb3738a12cd5e3f51f5447e3aa57971627ba423c9e620273
SSDEEP

393216:KH+Hj7eJbwHEIaXhwMDM+VP9EUhHQdmEonhJjdmE8HSdmE6nhL0nhVC:KeD7SzIazQ+VP97wonhJT826nhL0nhVC

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

769697934194cbf139d35b78f11aeea0

http://5.75.242.235/

http://142.132.191.50/

http://79.137.206.31/

http://79.137.248.136/

rc4.plain

Targets

- Target
  
  Software/About/CoreFile.docx
- Size
  
  1.3MB
- MD5
  
  71fda98dec9558a1f3fd0997da984afe
- SHA1
  
  bfa62ac61a091802a45a0c01fa9ddab5c3354adf
- SHA256
  
  d58843e02d3d29b14ecda7902721e28bbd5491d9803bc96e35c1fa4e36fdec0d
- SHA512
  
  788b6dd9c991aa9ce64f99625ab8ff9347a2deb234d453b3a37fe5be2a7e68ba5dd8991e26a5623fcac164682681fb253edfa3e11823a557078fc47b32aae2d8
- SSDEEP
  
  24576:+9k65zehP8nFJYD3yVzNiVz5cnPTzgJ/jrW1nfuxafECqduek2AAQZnlfWpes:+ke2P8ouzNgzy7kJXcYCumZnxWf
Score

4^/10
behavioral1 behavioral2
- Target
  
  Software/Resources/About/CoreFile.docx
- Size
  
  1.3MB
- MD5
  
  71fda98dec9558a1f3fd0997da984afe
- SHA1
  
  bfa62ac61a091802a45a0c01fa9ddab5c3354adf
- SHA256
  
  d58843e02d3d29b14ecda7902721e28bbd5491d9803bc96e35c1fa4e36fdec0d
- SHA512
  
  788b6dd9c991aa9ce64f99625ab8ff9347a2deb234d453b3a37fe5be2a7e68ba5dd8991e26a5623fcac164682681fb253edfa3e11823a557078fc47b32aae2d8
- SSDEEP
  
  24576:+9k65zehP8nFJYD3yVzNiVz5cnPTzgJ/jrW1nfuxafECqduek2AAQZnlfWpes:+ke2P8ouzNgzy7kJXcYCumZnxWf
Score

4^/10
behavioral3 behavioral4
- Target
  
  Software/Resources/Engine_x32.dll
- Size
  
  108KB
- MD5
  
  4f2712e0d78459a1e9d9940015505b52
- SHA1
  
  1d3cde855b59567a52e5fd60b2671a363b65f706
- SHA256
  
  bb77efde7a4596b880cb995f863f371ae212736a9cc694ea093dff5bcf6a6c67
- SHA512
  
  8c96da16c32cfa6f3e0e940952079abfc716d9900c4b0b8f01ec7f163bf2b10cfd3341b25c39caabbf8c34b7ac0a6b460a65af912f4bde8488ed82af70625512
- SSDEEP
  
  3072:JAcPlem5+yyDJhZcmy3sRi0+ba2VWndROdw9um:Jgm5+yoxy3s2baE2dRX9n
Score

1^/10
behavioral5 behavioral6
- Target
  
  Software/Resources/lgpllibs.dll
- Size
  
  37KB
- MD5
  
  2f0cb93abebfd247176b5d0527c62ecb
- SHA1
  
  1b6ab1cd0b77bf77aed18567a65937acabaa5ff3
- SHA256
  
  80e043c258c7f2b00bbdb26268a7a5c4b31875f3864e0e2d71af88ba74932184
- SHA512
  
  5207218a78c756ead6963e8fe1758eb1e4c3f09f16aede9e76762900abcaa797c6ced002ecd5304d43a155f1d4c7fa8ebb31dc05a9ec8b44d4c69fac6d0f4e20
- SSDEEP
  
  384:rbijnYW+DZZMwrusWsWQfRl30fP5/A5KFUkYvitA/QcP+ACxwJ93PvDG/t8E9VFW:/ijnQDnzruRNQfv0fP5/orVHDGyEAdN
Score

1^/10
behavioral7 behavioral8
- Target
  
  Software/Resources/libEGL.dll
- Size
  
  39KB
- MD5
  
  ebc5d564cc5d116bbf21a2e00d4fcc96
- SHA1
  
  da49b16c022586e616b08944e280c31bf438fd11
- SHA256
  
  d76600edf7a39ee7656f8b49c78d11f82cf9e14c70f9897c863e8933b913ce4d
- SHA512
  
  faf10c609c39055a76b661a46f914e0a657ce4b98dee9befadf742dc578c38aeb322908afb17722cb000542549516a5aceb647aef1ac4863ef29c1234b1b02da
- SSDEEP
  
  384:zzNSHR1I7jygakPISPMtVux5VzVYhwbRJER0n2JwK92uMvDG/t8E9VFK4iFrwXv:zBSHkISPMtV2LV6iER0Wwe2tDGyEAzwf
Score

1^/10
behavioral10 behavioral9
- Target
  
  Software/SetUp_PC.exe
- Size
  
  726.6MB
- MD5
  
  ee7dbb1cdcaf1920500fa76b44afea3d
- SHA1
  
  17cb6aa15175d2cb8106455b181ee1ff75d4d34d
- SHA256
  
  7ecc8b4f8ec5662bd97aa3e1eb162e6684d8c2196b3414bece5b059c01d38ff0
- SHA512
  
  fe5abaa5e1a5f0932134e26871f3e5ff7248e4c132450e169987d2f0310a25b3a9770c620671704aa12533e827f499b93b78789edbb796391cc9c60497adadbe
- SSDEEP
  
  196608:09qedEvqljzejFrEcrWu2PAe72WHeu+cHVkAhyfKAe0p5:+Iq1KzWu2P/2WHeuNWAhyCAt5
Score

10^/10

raccoon 769697934194cbf139d35b78f11aeea0 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral11 behavioral12
- Target
  
  Software/Sourse/About/CoreFile.docx
- Size
  
  1.3MB
- MD5
  
  71fda98dec9558a1f3fd0997da984afe
- SHA1
  
  bfa62ac61a091802a45a0c01fa9ddab5c3354adf
- SHA256
  
  d58843e02d3d29b14ecda7902721e28bbd5491d9803bc96e35c1fa4e36fdec0d
- SHA512
  
  788b6dd9c991aa9ce64f99625ab8ff9347a2deb234d453b3a37fe5be2a7e68ba5dd8991e26a5623fcac164682681fb253edfa3e11823a557078fc47b32aae2d8
- SSDEEP
  
  24576:+9k65zehP8nFJYD3yVzNiVz5cnPTzgJ/jrW1nfuxafECqduek2AAQZnlfWpes:+ke2P8ouzNgzy7kJXcYCumZnxWf
Score

4^/10
behavioral13 behavioral14
- Target
  
  Software/Sourse/About/Sourse/cs/D3Dcompiler_47.dll
- Size
  
  3.3MB
- MD5
  
  3d754486995769183d176c167de4f18b
- SHA1
  
  08249b4110f28b7740e620975d7b0fe4a85a71b2
- SHA256
  
  0c31e116441d4da0f08ca4182ac4099d7a2e2fea746903cc92d116173de3f81d
- SHA512
  
  e4567dc43588a60efcc8ee0bdb86a0e69189a4630f6cc31ce5e35d7bd6dd4a9af67eee076ebac064b77d2e17ac29e82ccdee393bfd71eccc2a781a7acab51e39
- SSDEEP
  
  49152:dyZ9lnpmVm/w+EwVOmufvkQS8MH2J9CqS5Sqr88pPWW5KhQYPsXqUiQD:29fWAwVBC8MH2JNSF8+YPsXqUTD
Score

3^/10
behavioral15 behavioral16
- Target
  
  Software/Sourse/About/Sourse/cs/VVXA.dll
- Size
  
  6KB
- MD5
  
  80ace199c226c57c680768eb852c2ae1
- SHA1
  
  f29aab2a13df7a3c7a6035c48069238bf5f86e97
- SHA256
  
  842a0be3f55cfe26f09c82aa6bb91339e9caedea9a784a838e821d22d24e61fc
- SHA512
  
  68ecbe046ea5adb530eb4bf8fd018fd4d880c771236edd91ca5f7dd6d538ecb2e46e94f06d5d6188c9e46349af99922feadbe8d7799d6c19d6754405604b7452
- SSDEEP
  
  96:jwJDYi+p0ulFqLUQxd6RrRi4ogj/ACusermdAv2xDlzZcwfDTp3RkWa1wW:jwJEiBDmr0NAFD9xpzZKWa1wW
Score

1^/10
behavioral17 behavioral18
- Target
  
  Software/Sourse/About/Sourse/cs/unbzip2-stream/README.md
- Size
  
  1KB
- MD5
  
  991a77a7f185e76b4cdad588540f7795
- SHA1
  
  c74b52750b86f5a7123d8d9dcd3ea9da13e00a55
- SHA256
  
  343126fb537dff156ff58af0f36ff771ae7c2e2f773610880112978dfd86ec62
- SHA512
  
  2b8ce64e6e800efeb8b0410d4828a7f36748f9aae91cb3c38c39bb3771abd26a7694d6c0b835900f504a2b7e09e9692c6ddb77e1f3a1a604e5b0b8b9c15c0739
Score

1^/10
behavioral19 behavioral20
- Target
  
  Software/Sourse/About/Sourse/cs/unbzip2-stream/dist/unbzip2-stream.min.js
- Size
  
  109KB
- MD5
  
  57c887a53ba908b93c78298c4aa703bd
- SHA1
  
  8146f70ff5039d38e1ae18d367380285c47193f4
- SHA256
  
  bcc23d91133016445ebad57e124044c533983d43187a4c57ba08fe4bd96c6e9c
- SHA512
  
  dd0dcedf21c867e977446856ef21a0e19cea05b13594602844c190989d41bcb106df5c743e88a4d0d8067b31609468fa85bc6e58f0f518443a642d67fdf509fa
- SSDEEP
  
  1536:0bOaaJ24WLF7qUJOpLppLHHV2rX3wg4Wo82O9TsYyYxagBs3cbjfZ:DJ24WorpLppLHIwgfQSe3m
Score

1^/10
behavioral21 behavioral22
- Target
  
  Software/Sourse/About/Sourse/cs/unbzip2-stream/index.js
- Size
  
  2KB
- MD5
  
  b4057dc1543c652fcbe7dff5befff5c1
- SHA1
  
  157a82444b1e4a2bbf530babb8469c8f9b3afea6
- SHA256
  
  0407be99f5b8ac7c525d2619fa002cae394ab05b64ac16b43eae162f0e02a9bf
- SHA512
  
  8f2e4440c29e2452c0382f62b2f993808d8da6e357e6fbc3e4428ab96507437d5ad81d3c3ea390ea665c6badfefc2dee66868589ec7373e7e01e8f5b07d37384
Score

1^/10
behavioral23 behavioral24
- Target
  
  Software/Sourse/About/Sourse/cs/unbzip2-stream/lib/bit_iterator.js
- Size
  
  1KB
- MD5
  
  02790827520d7d9c46b2e7457f9a4638
- SHA1
  
  a07fc0003f042d1e65fa62a8c096ca32279b82cc
- SHA256
  
  f8dd712bab8b6b2ce692e513743141f2145397bedda62c9ff186c94ade8497c7
- SHA512
  
  983d3cdf8dd249fbecef07524ebccbc2db5760ab6b44616758d104689424c32798ac3c1e0d50466760f1c9fdfff46d25648cf0f6408b205dda78af4ad194d4b0
Score

1^/10
behavioral25 behavioral26
- Target
  
  Software/Sourse/About/Sourse/cs/unbzip2-stream/lib/bzip2.js
- Size
  
  12KB
- MD5
  
  97e79f5e79cd821702f3b8ba474fa041
- SHA1
  
  32caaa3ecec1543c0ff81ea82912ef1f477e3b24
- SHA256
  
  7005ce0c6b1b327f92583f3d06047f786f9fbe116aeb70c6a6bf1feda88ed816
- SHA512
  
  0799c2af3e48b443bf515139ab325f0a9e2fe89294941ddb86fc5bde778ea07c556bc3e64111cadba52c52a249ed346c93cd9214bf898bcb773f28dd5dafbe60
- SSDEEP
  
  384:kxMEXTAYGmA+Kdy+meCMfeznvbZohS8kJ+yGzoJtvlf2AgGfpwh:4MERu+Ly4nto2JYUhp1O
Score

1^/10
behavioral27 behavioral28
- Target
  
  Software/Sourse/About/Sourse/cs/unbzip2-stream/node_modules/buffer/README.md
- Size
  
  16KB
- MD5
  
  52b2d40b08d57599867eb4544502bbc7
- SHA1
  
  10d69c50139d95dc37feaab872c5c2848fd3b089
- SHA256
  
  e45e1554755cf7f9a2518706a554f941453d4be9a332e8a0b4cae1863c5e9727
- SHA512
  
  9a484aff81d965249c716dfa477f8f06746fb691e525acaa482e01f76a7f11d2bb0bd38d1205d33ef27b9b96ed2d27c6ee71eeff30d4082ee0a9f9d46f743404
- SSDEEP
  
  192:bp6RAJnsmp9lP9pHBWfz/K12WqYlJ0yJZN5UO9HG5Tom8ol92GVVXQWFouljcfGl:t6RAJnsmp9TSuuljYGskVsaHrnApDcL
Score

1^/10
behavioral29 behavioral30
- Target
  
  Software/Sourse/About/Sourse/cs/unbzip2-stream/node_modules/buffer/index.js
- Size
  
  48KB
- MD5
  
  c099c2e821c5e495838bacfc7fe57560
- SHA1
  
  1ba5f29e239a2f1ea910a6ce5ffc0d0ebcae0dff
- SHA256
  
  9fab6e5f345b42e0ab83cac4c0790d40b77b21ad6af47ace7364f3f6a1f8d8d4
- SHA512
  
  98142be9414d9443404457cac2e1d25f6ccc9e8738d697db69e6dc1a1d20efca3246e6030c1ebec9f5a67237afa4a518aae7d1aeb2cb45db495effa889d7f4b6
- SSDEEP
  
  768:Z1LpxwRMgA2FT6ASsVTagfeN5W7nPvm4/lIaXOiuCvmKKK+cwQR3LMvAPiDgUYz9:URzQAcAt
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32