raccoon

Resubmissions

21-02-2023 11:28

230221-nk4hrsge2v 10

18-02-2023 02:18

230218-cq92ysaa6x 8

Sharing

Copy URL

Twitter E-mail

General

Target

Use_66656_As_Passw0rd.rar
Size

17.6MB
Sample

230221-nk4hrsge2v
MD5

a90a6f3e9a7941fd120ea70d93cd6e07
SHA1

5e530f2d2467f09310523b0df0cab5dabe04e9b6
SHA256

2a6ecde72991f3e1dba3d49106e26237bd95a505cd97d0b5caea59723e6fb28e
SHA512

ab2672a1a980d5fceddeb1b677b5e97e8278edc3efc50cd98b54f1ab1c353c52713ecd7756f166f4b7846d37b8053cc3dd04770de28c9c435b54f7af587bc79c
SSDEEP

393216:3K56QB9lAMCXBhw3XC3MlsHnGfcpACV2x9lcyyLz6EASiW4aITv3jw3i:a5ckHC3MaHqaylcyMPASiWvkPjD

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

697fc5d9af6aa2a29510779d2fc54b97

http://83.217.11.27/

http://83.217.11.28/

rc4.plain

Targets

- Target
  
  Setup.exe
- Size
  
  726.5MB
- MD5
  
  7fb6c49cde9ba5be882706ca16319623
- SHA1
  
  03535e4293fd4f52188ba261194b98e0bef91f91
- SHA256
  
  61369af747dcb743d5100549e6ae0fd34edf329b65d488fb74c7159175f87145
- SHA512
  
  023bfb2d408072317f3d8ea0fb1a844e90edcd28a6506f8010feaacfc89f2b004f9dad7cfea4b5f81aa07fbe18cb062c6cb6f01593da039c2bb6a52b0d231396
- SSDEEP
  
  196608:ZqgN7IrT5UZrWm+JLv/iyKWouNQUDN8iM:ZvNUrTCZrJ+pv/vzoujK
Score

10^/10

raccoon 697fc5d9af6aa2a29510779d2fc54b97 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
behavioral1 behavioral2
- Target
  
  ccme_ecc.dll
- Size
  
  548KB
- MD5
  
  19f2641706952f221d5f1066d064db4d
- SHA1
  
  84bf37c1bd5cb3f35cd2aa934cd9c17cb2690282
- SHA256
  
  cd87094bdb78dbff8a593bef3952495414b2256eb75ac2d466da276d17e8bd9f
- SHA512
  
  155a8d9fe2fe238cbc341cb0f088b5be0b58bc2f0ab70eae488972c0e8cd0e16ae3afef64ab96e0c63f14ac53b2ab167f906e2b94bec7ba87b494121edf5ed67
- SSDEEP
  
  6144:Ra3lDLZaFal9tiA1GzrTJdln27EEvdABkVJAOlRs5DIcxkjSuo64hTQ0IL0QpC7K:RUlD9aFal94PDlGuBk3Js5DIqjv
Score

1^/10
behavioral3 behavioral4
- Target
  
  icucnv67.dll
- Size
  
  15KB
- MD5
  
  c89f7b63c258a2d8b68a4bdaf5bbb2d4
- SHA1
  
  b1181f70adef2cfc1b884aa4a895984843ca326c
- SHA256
  
  ee7e175ca56e43932878a617e3a1ac3c005e33ad6964277fea811417ca10d2f2
- SHA512
  
  39ca6c5ad801795bbaafe1c85719afdd7ced663ac2fb6530130797a40cd4ed7047d33292c5b41601408488cb5ed4926f9e0744d158a44b128bf517e0562d6e47
- SSDEEP
  
  192:+0NMi7v56dIYiYF8rVs9+qARHk/2WJfsHR9y2sE9jBFL2UzZ9O:+06iuIYiI9yHk/24i/8E9VFL2Ut9
Score

8^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral5 behavioral6
- Target
  
  icudt67.dll
- Size
  
  15KB
- MD5
  
  d73b8ebe06c05cddad49297f668b481e
- SHA1
  
  44b139944043d4c4c5a33e1782cd8256f3fa70aa
- SHA256
  
  6bb13375779535aa693f51038540381efba654676b1471a10b61c5ad616fb81e
- SHA512
  
  8dfe75a0219fa67803da33adea82f6e08fd568c938adad3174f9248f060306e4725852282538691a22fff29a9cd50af66c9d884c94f15c9ed392b9f3048844d6
- SSDEEP
  
  192:NFNMi7v56OIYiYF8rVs9+qARrk3WJfsHR9y2sE9jBFL2UzZQp:NF6idIYiI9yrk34i/8E9VFL2UtQ
Score

8^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral7 behavioral8
- Target
  
  vcomp140.dll
- Size
  
  176KB
- MD5
  
  884c6f8718fd95c25e16a4789ae3bf7a
- SHA1
  
  33f7e6846498871927d21bed11cc4ef41804112a
- SHA256
  
  f8d8aca399a0f7e40b2993584404b31f13bf18ea657a5feb85b37b15a249a275
- SHA512
  
  48384af2f6359ca3ee6996fc34df8c357164097f0c0c5cb30f5bd080baa6af3b4bcada17fb94933a99955f97c4ac0e554ca2373a5638e29db84e8318165c7b0c
- SSDEEP
  
  3072:+Pr3XpMvAiR3LQpxELm3uFX1TfgZhPlUDJR9ZURc/5:+znSvAiO+m3uFFOj+O6/5
Score

3^/10
behavioral10 behavioral9
- Target
  
  vcruntime140.dll
- Size
  
  94KB
- MD5
  
  11d9ac94e8cb17bd23dea89f8e757f18
- SHA1
  
  d4fb80a512486821ad320c4fd67abcae63005158
- SHA256
  
  e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
- SHA512
  
  aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
- SSDEEP
  
  1536:yDHLG4SsAzAvadZw+1Hcx8uIYNUzUnHg4becbK/zJrCT:yDrfZ+jPYNznHg4becbK/Fr
Score

3^/10
behavioral11 behavioral12
- Target
  
  x86/ACE.dll
- Size
  
  1.1MB
- MD5
  
  d0ae82cdf9911bec3eddda128602af04
- SHA1
  
  58e167521f2b028d03aeb6c926d34c2c969fa9c6
- SHA256
  
  f9675304d13efaee32e6b4a3317b64231a59b684532a898d12b4e7ed88518afd
- SHA512
  
  c1520462a8e02ab09e2a101207e88cf6861b48c32b7c2523047251496479740a84987fb19aba4dc8610abe2c81e5f7dbc80c51b8667f4953e17dda583d27557d
- SSDEEP
  
  24576:tmGLzPLOXbuKR17zBXE+MXRHRg2yTEg863NzSxoopoo+F:v3jOyY7zB0+MXRHRg2iBrdzSqF
Score

1^/10
behavioral13 behavioral14
- Target
  
  x86/AGM.dll
- Size
  
  5.8MB
- MD5
  
  b39b8d45413692ff856e9ba907256c2f
- SHA1
  
  ab06b594a57b8bbe0f4c4ba80a12129953521667
- SHA256
  
  ee32f4cbba3a601d57064695a8ed5955e1b9af984110d34504b8d5ebb132c084
- SHA512
  
  1dcc8bbbc55ac27b0a0b96e28de73338b972e2998bc9c33439c32b721de811b2c9ecf6d7953dfbdfadcbcc0c64f56871d09ae953a449c516578e9e8b3e1df661
- SSDEEP
  
  98304:lUpuc5sPE5fMZywrovF+rMnV17FVgvhiWaOuBue5SlIN:cuMCEZ3wrovF+a5Z
Score

1^/10
behavioral15 behavioral16
- Target
  
  x86/AIDE.dll
- Size
  
  2.0MB
- MD5
  
  ad388ce4c2cc3aaff605994da782d57e
- SHA1
  
  f43c3f588c77a34e8b81b63247ac1d7657016050
- SHA256
  
  d3ba1adbfeef8f19e4aa570299c06d39a87dfc5fe3d85946270b722e44dacda7
- SHA512
  
  f8e8f0fc5d8e01f8afe1aac55d3a301fa0019c6e80099616abf5a41c09aeabd0294e4391ddac170c2cd5bcff0b9e9cb4b559a2eca50a273e398083542065e27b
- SSDEEP
  
  49152:h50rEANbHm4w0H5QZXjr/nZA9XANcZ4T5lQ:b0rEcbG4w0H5QZTrnZEmlu
Score

3^/10
behavioral17 behavioral18
- Target
  
  x86/Acrobat/Acrobat32OL.dll
- Size
  
  200KB
- MD5
  
  18e5a6296e02efb842fb3d11ca0c7c63
- SHA1
  
  1a774bc3ec960bf1d639b883ba34de0a101748a8
- SHA256
  
  629b4cef2c394c6a1fad37e5ac6f497b3bdac489270d54f4e98c5dfc925ea883
- SHA512
  
  66fe300a275d0dc403479668a3120e6eb9a84a28736e64b24afc37298e556589b40c191a83f5871b2ad1778e0a8a65f7a0878f29d409b2efb9d51531854c5198
- SSDEEP
  
  6144:tbL7Ohthut5BCRVS989WUY+7F4C9WOOS0mvpMJDJ2C7ejmj:xL7ObhG5BZUYiF4C9WOOS0m+JD
Score

1^/10
behavioral19 behavioral20
- Target
  
  x86/Acrobat/Adobe.Acrobat.Dependencies.manifest
- Size
  
  298B
- MD5
  
  7bae8b27f113f2c1bdc4181b99117fe9
- SHA1
  
  541f5fa5fa52885e0068a6b891537f254e334609
- SHA256
  
  dae02d5688314c66f9001728eeff6010e8af413867dfe4982b6b2c66625d9bb1
- SHA512
  
  803342e6b91c444128e3fec7e8f64757ec3531e4e4efb5e00a7ae4d7b1fc1cf1d4a42d20b1d986c1a4090567abee79be657983253bd9e8cfdd121a5cbdfc0849
Score

1^/10
behavioral21 behavioral22
- Target
  
  x86/Acrobat/Onix32.dll
- Size
  
  745KB
- MD5
  
  e03d8bbcf584de58500efdac4c7b6a97
- SHA1
  
  7aac481128eda876bc111b0cb33e202c68ef1f93
- SHA256
  
  58cc0c31514e89a743c9b96c7892c256cd9daaa18bdcff784b8ddb1d5c15a163
- SHA512
  
  eb3346b4d93137476f57eb43c87e4160b5d85431e2e9a75fbf4250161414d290eead6bcdadb290e23f13158ea265da880ddef1cad4b12cce60c0fa9d4f95c3d2
- SSDEEP
  
  12288:JPuGQm/KqPd7dg3EPctRuVcnQUFkZrBzKWe5p7MQnowzk7NugLqKiaC3P2nYs8rh:gGQm/KqPd7dg3EPctRuVcnQUFkZrBzKz
Score

3^/10
behavioral23 behavioral24
- Target
  
  x86/AdobeXMP.dll
- Size
  
  887KB
- MD5
  
  7c3033588c1a187918cf3fd246069a3f
- SHA1
  
  2b637a9d37de604ae8e98fcbc73746ccc0402b31
- SHA256
  
  e958f4ed8272a96e599ff9f0a79331e7b5109104a9d20d3f760c7eb162daf7e0
- SHA512
  
  80d513d25477081c84af87e8127a02bb332204ad7399ac653a27ca726e446fd25518d36189bf90b10cbf34119d35501e006a2e06dbca5a96dc2348aff6b6fe91
- SSDEEP
  
  24576:7CaZsdfNjJaN0OdQfLCKVkDavzVi5p5bafAAy4:7ZspNQVQdkahi5zaf5R
Score

3^/10
behavioral25 behavioral26
- Target
  
  x86/BIB.dll
- Size
  
  119KB
- MD5
  
  404de37b800b661ebfaa218b20c8c0c6
- SHA1
  
  2a2416b663ee9d9ec6325d2c70bf05be27a73eac
- SHA256
  
  ca53407b356fcdea51a6d536447ed6b88ad14c87facf421080d141cae837eedc
- SHA512
  
  e6d66bcb0da4ca5456dab376385c73a918fc13c4b0ab9a05d2324dbb7a9fcf197d727acfbedb15e55452b916c9afde0ed01b233868a88ae0f34ee01306289430
- SSDEEP
  
  3072:x9mmiJ1WvqJ7fW7n/WY0EZrZsibdumKr9igRsNpKN02+OzHwn:TkaqJi7M0dO
Score

1^/10
behavioral27 behavioral28
- Target
  
  x86/BIBUtils.dll
- Size
  
  170KB
- MD5
  
  79622b56347c1fd44b74bd4ea74cb813
- SHA1
  
  51c1e13a4b5aad657c570149c529dd4963adf77a
- SHA256
  
  0f2b3d012a9abe420bc36c62847bba6ca4478ceebc018bad2b19f22d481fcc10
- SHA512
  
  ebc329e0d1d869107043e5b0a0e05d4322fa0a2bbc2c30411d51ce1b4b33778ee94f82ad072cc8cf75222f488e52bf52dfb7481edfdef3e39fd58259685ad195
- SSDEEP
  
  3072:0VMWnX3e6TCL2ssOGpibdy1ZLKDZW7TPtAlgeoVA/sis/zquLtyQh1g:0JnHeKk2s03q0nh
Score

1^/10
behavioral29 behavioral30
- Target
  
  x86/CoolType.dll
- Size
  
  3.2MB
- MD5
  
  6fb9f15b6a1dd1ee9cdb9b4ef290d69e
- SHA1
  
  c5955655e9b96004a72bbb09aa72996f3ddaa539
- SHA256
  
  d4a0db913fa555808ce627114fe6e2725970499c70364edbedf47d907d52242d
- SHA512
  
  24be26d2e0dc3e05f786ce3eee815247261fe99e1bff08e689d71bf68e7d5340e942aaaefd9203569f63c23a5f5cb46c1ff6a2d91f2753fd6d78240fffa7beed
- SSDEEP
  
  49152:37sVoVC47fsPVTs57ovd2MMg6NYpnd3EQUyfha+P/u6LSXvowU7u9qRXApP4Cqrt:37RCwfsdTk+dlb73ELyfhlf9K4Cqi3
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Enumerates connected drives

Blocklisted process makes network request

Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32