raccoon | 28e64121b13efe27774b4734ec061af6ef7df96e9882b5f84470ed0de078ba36 | Triage

Submit
Reports

Overview

overview

Static

static

7

SuT-u.exe

windows7-x64

SuT-u.exe

windows10-2004-x64

Sharing

General

Target

SеT-uр.zip
Size

2.7MB
Sample

230331-kza8zsae71
MD5

df79847f2499a41f23c5bb130475eba4
SHA1

1a1dfcf2c39dd5014984420d5bb98d7ae6a987a5
SHA256

28e64121b13efe27774b4734ec061af6ef7df96e9882b5f84470ed0de078ba36
SHA512

bd8c34a941e233433b337a813de1c2382b95d16fdf7ef5eba82fece993f722726ca7a3b635680842fd801c5675a06fad19819e35ea55db56d75ded3512ce7438
SSDEEP

49152:mRwHgGYbkEXCrQwPT6qPVLqR3oScZEz7nZCDqG:uwAVHykQmRYSoM7nZC7

Score

10^/10

raccoon f26f614d4c0bc2bcd6601785661fb5cf �q�m��e�discovery spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SuT-u.exe

Resource

win7-20230220-en

raccoon f26f614d4c0bc2bcd6601785661fb5cf �q�m��e�spyware stealer upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

SuT-u.exe

Resource

win10v2004-20230220-en

raccoon f26f614d4c0bc2bcd6601785661fb5cf �q�m��e�discovery spyware stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

f26f614d4c0bc2bcd6601785661fb5cf

C2

http://37.220.87.66/

rc4.plain

Extracted

Family

raccoon

Botnet

�Q�M��e�

rc4.plain

Targets

- Target
  
  SuT-u.ex_
- Size
  
  1024.0MB
- MD5
  
  bbe934b27150221d00e6df6ad67f5b87
- SHA1
  
  e6dc3d410c8b86e9e4bddc2daf3fc35a26889247
- SHA256
  
  62b16f591fd7cea398eef2123eca605545ae60401d2e5bdaf897d00da4e7f638
- SHA512
  
  6a9d814b9369f95745906c131e1db72f09c8cced20349b9c9b48ccfe84090cc766191e7d98be9805c5e1c3a0cd988f7b6b831c1dae0965ad7682a1afd94c60ad
- SSDEEP
  
  24576:ewNuU9GH8Hrgi5sWmhA8IP3b4q7W5BfwPxod0KImzcF/WkvMr73L4dbu4t1TcVfp:79GH+g8sWmhIPJ60i0Kp/rodl/TcVfp
Score

10^/10

raccoon f26f614d4c0bc2bcd6601785661fb5cf �q�m��e�spyware stealer upx discovery
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File Permissions Modification

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonf26f614d4c0bc2bcd6601785661fb5cf�q�m��e�spywarestealerupx

behavioral2

raccoonf26f614d4c0bc2bcd6601785661fb5cf�q�m��e�discoveryspywarestealerupx

© 2018-2024

Terms | Privacy