raccoon | 1e6d872b3023308f1dfaed643c7174542523edcc0d61429b9ecf06be884dc45e | Triage

Sharing

General

Target

AcroRdrDCx642300120064_en_US (1).exe
Size

331.8MB
Sample

230312-vg83eagf2t
MD5

9c55e172c303167f802900adbfa8ffa1
SHA1

029212f3f5415a108be943c15e1343718e6c77dc
SHA256

1e6d872b3023308f1dfaed643c7174542523edcc0d61429b9ecf06be884dc45e
SHA512

fd419f8151084ee59cd881e71ff4c1baf8a029a9cc2f5f27abfa7f4538e22c52bf24e25b7adfeeb0be4d15839a34c26ada7d6d1baef97a483bcc2ff80b87e838
SSDEEP

6291456:nzwRUHohZ0VHvxI0/r8tHocbZRpwAGVJcSyUOD5xtxz9TeDjnHQZA07B8:VohZTtofA6wDj/z9SeT8

Score

10^/10

raccoon stealer

Malware Config

Extracted

Family

raccoon

rc4.plain

Targets

- Target
  
  AcroRdrDCx642300120064_en_US (1).exe
- Size
  
  331.8MB
- MD5
  
  9c55e172c303167f802900adbfa8ffa1
- SHA1
  
  029212f3f5415a108be943c15e1343718e6c77dc
- SHA256
  
  1e6d872b3023308f1dfaed643c7174542523edcc0d61429b9ecf06be884dc45e
- SHA512
  
  fd419f8151084ee59cd881e71ff4c1baf8a029a9cc2f5f27abfa7f4538e22c52bf24e25b7adfeeb0be4d15839a34c26ada7d6d1baef97a483bcc2ff80b87e838
- SSDEEP
  
  6291456:nzwRUHohZ0VHvxI0/r8tHocbZRpwAGVJcSyUOD5xtxz9TeDjnHQZA07B8:VohZTtofA6wDj/z9SeT8
Score

10^/10

raccoon stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2