raccoon

General

Target

1e2b3c0589e8df18ada383c48347a28b.exe
Size

3.1MB
Sample

230331-fmz95age76
MD5

1e2b3c0589e8df18ada383c48347a28b
SHA1

d30189b257c6a303d41145c9f18709b9118c4eec
SHA256

c9fe71715c02aadcef31d9df6ad876f7d9ac9e747c0ec541139a2d22045a1b67
SHA512

d8e7b339dbcd20923442a6b6d77aea18b17f63207737a8c1efc556b7d57c634af2b325f0c1b658200f42ab4ac2f9a186284397e9c9e4f6cc20d65c15b39c3732
SSDEEP

49152:NAHDmz/PG7OIg7NMvWvnwvCoj85R1dvuxHxtx+6e+QCR0W4+RJHeEcs:NMKG7OIgpLnwwPFuRsUR0+RFZ

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

94c54520400750937a6f1bf6044f8667

C2

http://185.181.10.208/

rc4.plain

Targets

- Target
  
  1e2b3c0589e8df18ada383c48347a28b.exe
- Size
  
  3.1MB
- MD5
  
  1e2b3c0589e8df18ada383c48347a28b
- SHA1
  
  d30189b257c6a303d41145c9f18709b9118c4eec
- SHA256
  
  c9fe71715c02aadcef31d9df6ad876f7d9ac9e747c0ec541139a2d22045a1b67
- SHA512
  
  d8e7b339dbcd20923442a6b6d77aea18b17f63207737a8c1efc556b7d57c634af2b325f0c1b658200f42ab4ac2f9a186284397e9c9e4f6cc20d65c15b39c3732
- SSDEEP
  
  49152:NAHDmz/PG7OIg7NMvWvnwvCoj85R1dvuxHxtx+6e+QCR0W4+RJHeEcs:NMKG7OIgpLnwwPFuRsUR0+RFZ
Score

10^/10

raccoon 94c54520400750937a6f1bf6044f8667 stealer discovery spyware
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2