raccoon | b1a0c5b53067e69374d9c5fd843f2c11b2f0039d5ecc9ccd2eb6f665e68c3ff1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02a0844e14c943fda141728ceccc1c8c.bin
Size

10.1MB
Sample

230313-kdjm8sbd9z
MD5

be9a983bdc5bf2d4cbcb4f7df80d61f5
SHA1

ee31ca08f47ee9b5ac73b9b4ae5a0584224ec3fc
SHA256

b1a0c5b53067e69374d9c5fd843f2c11b2f0039d5ecc9ccd2eb6f665e68c3ff1
SHA512

b4844cebfedb68d7486094f1a74140f0b7ef84add337718fd90be5eedbf6905aa57ece2aa95a6b2df50bc2eea54d288de0083f523d493e284b9ab82fe0d9e1b0
SSDEEP

196608:BzA0UbEp7fHUs5ItByJNNfikNwWpuza+1jqP1pX4jgzpkqXtA45um8RQM:BzYbcL0BtU9mWpuzN1jqP1pIjIpk4S4i

Score

10^/10

raccoon 9acc0b4b109f517573794147c09af4c8 discovery spyware stealer

Malware Config

Extracted

Family

raccoon

Botnet

9acc0b4b109f517573794147c09af4c8

C2

http://94.142.138.191/

http://78.153.130.157/

http://79.137.203.5/

rc4.plain

Targets

- Target
  
  2035adb734e272d7bba98ab34faa9a5ee0457ea24b940688d1cfd8ba622988f1.exe
- Size
  
  10.5MB
- MD5
  
  02a0844e14c943fda141728ceccc1c8c
- SHA1
  
  681ff95d20d4b20c51d50b0da2890fd6b3a30a87
- SHA256
  
  2035adb734e272d7bba98ab34faa9a5ee0457ea24b940688d1cfd8ba622988f1
- SHA512
  
  0946fc37b57509ef94777eeefc71dcffd068a89146e37e0c6567bc2a3c32499de4b2ccb4fe68eff64762e76af16ef391c0c7b937e33d4a65b0332591f5f6dac2
- SSDEEP
  
  196608:nNjXgrvo5xsSYBmIOhdxfCxs5sFRXTQojht33KL7GYf0hgIcqmi/SWxM21r8:teoYLOxfC65YRjzht36+VgM6Wxg
Score

10^/10

raccoon 9acc0b4b109f517573794147c09af4c8 discovery spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon9acc0b4b109f517573794147c09af4c8discoveryspywarestealer

behavioral2

raccoon9acc0b4b109f517573794147c09af4c8stealer