raccoon

General

Target

79c1be7c958d5cded0534d37b0104305.exe
Size

197KB
Sample

230412-fdd1jahh63
MD5

79c1be7c958d5cded0534d37b0104305
SHA1

75a9e56db55915fab4593586374e0ef95410db34
SHA256

59873832d59ac86759e5df7dd96e49049b3b221da1ab1b71ede21b271c3168a7
SHA512

4549beb040c6d8f4f4f35e02c62c19374b1ed95577e6bce167bbb3c82ca5c87e2d8fdb72644a9e8c15233e0ecf656f6fae41bb3fd48ba674756e4ed0793670c6
SSDEEP

6144:r28W38HAsKSVUu+f4wd7UUA/A1QcL0mUpUgb:3XHAsKfJ77A/An4x

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

c610d498a9c34173052f3f4fcea051af

C2

http://respekt5568.com/

xor.plain

Targets

- Target
  
  79c1be7c958d5cded0534d37b0104305.exe
- Size
  
  197KB
- MD5
  
  79c1be7c958d5cded0534d37b0104305
- SHA1
  
  75a9e56db55915fab4593586374e0ef95410db34
- SHA256
  
  59873832d59ac86759e5df7dd96e49049b3b221da1ab1b71ede21b271c3168a7
- SHA512
  
  4549beb040c6d8f4f4f35e02c62c19374b1ed95577e6bce167bbb3c82ca5c87e2d8fdb72644a9e8c15233e0ecf656f6fae41bb3fd48ba674756e4ed0793670c6
- SSDEEP
  
  6144:r28W38HAsKSVUu+f4wd7UUA/A1QcL0mUpUgb:3XHAsKfJ77A/An4x
Score

10^/10

raccoon c610d498a9c34173052f3f4fcea051af discovery spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Downloads MZ/PE file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2