General

  • Target

    09c7f4901112e39b0863288b261a626b.exe

  • Size

    10.3MB

  • Sample

    230325-23eh9aef72

  • MD5

    09c7f4901112e39b0863288b261a626b

  • SHA1

    f9c4b5adc43a972d851039df6ca97bdd1a5ff29f

  • SHA256

    e4f89ee858218ad17e47c1670c41f8b0e73753a7d3d38677eb6afa95473b7b42

  • SHA512

    ccb2ace9e4d9adb2406f37326e14e8e5d0638202898cbeff272c97d10572e925f0c75ca7bf0f2057264bb2e03ff60f7bfa209912c836479e413f5a9247e7fb25

  • SSDEEP

    196608:WGP62w4x3II5kI/dI16VakXiEkr4GJ+D8tI2m1L7WK5AI5tD+FQic:3BSGkI2gVakXJextILtiKliFDc

Malware Config

Extracted

Family

raccoon

Botnet

1196de9cec79da84686d34883da05a1e

C2

http://94.142.138.227/

rc4.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                     Count  ID
  Execution             Scheduled Task                1      T1053
  Persistence           Scheduled Task                1      T1053
  Privilege Escalation  Scheduled Task                1      T1053
  Credential Access     Credentials in Files          2      T1081
  Discovery             Query Registry                2      T1012
  Discovery             System Information Discovery  2      T1082
  Collection            Data from Local System        2      T1005

Tasks