raccoon

General

Target

CompleteSetup_2023_As_PassWord.zip
Size

18.3MB
Sample

230330-r5qdesee6y
MD5

950352e9234d111521e052d8cc3a0931
SHA1

018c423a35bfb0284e1d508869d88d973ea154f3
SHA256

a8118547c517813b8619a1f6976d53d7923175c95185b4da141f3538ae8f4796
SHA512

1e131abf5d6b7b4de5cd831b19cda11c804f9310c9d2df3c37e4553dad7e8c926113791ddedd4b2de21242f84208daab87e5710504b4918cf791bdbb8a1eba26
SSDEEP

393216:T7zIOnO5F08vhLGpi1+t8vAj67YXe4fBopu0xuMjZNcx0my+P+:ds0URG9s6JepuBOXcxI+P+

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

23883deb102ef0839fbfe8fcef1a5fc7

C2

http://37.220.87.68

http://83.217.11.10

rc4.plain

Targets

- Target
  
  CompleteSetup_2023_As_PassWord/Full_SetupFile.exe
- Size
  
  1023.2MB
- MD5
  
  2b6c3410f4d064e69bb0d47d7e94132c
- SHA1
  
  4c51abdba654277f6d0c5ceb18c5dd6c4fd7bb47
- SHA256
  
  6d0626d9b90abe1d422ace8bd33c8024ea321499104ae95172c2d7a10a9cfc7c
- SHA512
  
  644c7d2e25d63afbd9f5719a8dcef5c2fdda1b756392be5d1efe9320953256cb6e70139a62a6a9fd1522c1b3172fafc297eb4cc93129efad7135f78922f679c5
- SSDEEP
  
  196608:NYzLzScvgh3AADZ7sMHEXBhb8Jrznl32LUTxqLrkSdNMjGYQcH7WTyCWxxPajesG:mjScvgh3A4dLHEx0rILKxC3+bGy96eyg
Score

10^/10

raccoon 23883deb102ef0839fbfe8fcef1a5fc7 discovery spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2