raccoon | hxxps://mega[.]nz/file/qZIjCbhY#DQ0sJE4obA7SIEnCAgX94HH0EN7vrFRwaNYmcb5XCIs | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

https://mega.nz/file...

windows10-1703-x64

Sharing

General

Target

https://mega.nz/file/qZIjCbhY#DQ0sJE4obA7SIEnCAgX94HH0EN7vrFRwaNYmcb5XCIs
Sample

230419-z927safd7s

Score

10^/10

raccoon redline @housto_n_n f26f614d4c0bc2bcd6601785661fb5cf discovery infostealer persistence spyware stealer

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://mega.nz/file/qZIjCbhY#DQ0sJE4obA7SIEnCAgX94HH0EN7vrFRwaNYmcb5XCIs

Resource

win10-20230220-en

raccoon redline @housto_n_n f26f614d4c0bc2bcd6601785661fb5cf discovery infostealer persistence spyware stealer

windows10-1703-x64

29 signatures

1800 seconds

Malware Config

Extracted

Family

redline

C2

185.186.142.127:17355

Attributes

auth_value
90fb32b68ec22e96223cb01b52498d11

Extracted

Family

redline

Botnet

@Housto_N_n

C2

37.220.87.8:42823

Attributes

auth_value
1879dfc366efff58afee517e46bfbe30

Extracted

Family

raccoon

Botnet

f26f614d4c0bc2bcd6601785661fb5cf

C2

http://37.220.87.66/

xor.plain

Targets

- Target
  
  https://mega.nz/file/qZIjCbhY#DQ0sJE4obA7SIEnCAgX94HH0EN7vrFRwaNYmcb5XCIs
Score

10^/10

raccoon redline @housto_n_n f26f614d4c0bc2bcd6601785661fb5cf discovery infostealer persistence spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

raccoonredline@housto_n_nf26f614d4c0bc2bcd6601785661fb5cfdiscoveryinfostealerpersistencespywarestealer

© 2018-2024

Terms | Privacy