raccoon | f6a2c9e86c86a6c83a62ce03088040d6462648413ba0d0cdb12a1cbb9a7184d5 | Triage

Sharing

General

Target

Quarantined Messages.zip
Size

4.4MB
Sample

230322-sx4frahf35
MD5

c25d064157577e2a6c71f67a4a05ede5
SHA1

3ba690daa85efe6cab388560929ade80892632a4
SHA256

f6a2c9e86c86a6c83a62ce03088040d6462648413ba0d0cdb12a1cbb9a7184d5
SHA512

8d8d31462725c1b77b46bccaa75468c83c2f6b43b0cc19d20a61f5899811233d52b93b8bb428fa3c3e76792c9cdcc464c53c33e6fca4803c5409aafec4b76e25
SSDEEP

98304:LMRKsRS0MKJM3voG90G/Yr9F46bbjk8WjghhDHPe7tYLCx80w0geI6xf:LORS4svr1gYgjWkxHmWLCIMN

Score

10^/10

raccoon d4074b8c479181b90e810443a9405f3c evasion stealer themida trojan

Malware Config

Extracted

Family

raccoon

Botnet

d4074b8c479181b90e810443a9405f3c

C2

http://37.220.87.44/

http://94.131.3.70/

http://83.217.11.11/

http://83.217.11.13/

http://83.217.11.14/

rc4.plain

Targets

- Target
  
  Setup.exe
- Size
  
  465.5MB
- MD5
  
  ba1f367857d1efa868bb71681e1e1420
- SHA1
  
  0d7917e7808a365ec09c6a848f6d20266114a662
- SHA256
  
  bd8b12dcaec47b31028589aa295ab16c91278814affa1bd2664905957d472a13
- SHA512
  
  dc48959bd3c465a09e6df275eedf910125da1222ff253ecebde94c4f7ab93f9bbce847c90cb7a339cad2697d0ab77b61b95af54713983dfc4f7566cc0ba34d88
- SSDEEP
  
  49152:op6MmhLSOvvm9sgb3qq/BSGnYB7VKpKeM:oKhUrtpSGngVaM
Score

10^/10

raccoon d4074b8c479181b90e810443a9405f3c stealer themida evasion trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

themidad4074b8c479181b90e810443a9405f3craccoon

behavioral1

raccoond4074b8c479181b90e810443a9405f3cstealerthemida

behavioral2

raccoond4074b8c479181b90e810443a9405f3cevasionstealerthemidatrojan