raccoon | a747ce455e6ea8ecaf0f76dfcf8a37db8048b7bf5627a9b13bf450573ff6affe | Triage

Submit
Reports

Overview

overview

Static

static

3

a747ce455e...fe.exe

windows7-x64

7

a747ce455e...fe.exe

windows10-2004-x64

Sharing

General

Target

a747ce455e6ea8ecaf0f76dfcf8a37db8048b7bf5627a9b13bf450573ff6affe
Size

5.2MB
Sample

230508-3nzrbadd23
MD5

05a8019bdf62516860fd5396cfdf9039
SHA1

ec32c6865859cb524ebe7e467a9debf009df070e
SHA256

a747ce455e6ea8ecaf0f76dfcf8a37db8048b7bf5627a9b13bf450573ff6affe
SHA512

81eba3b9f175dabf1c3f8c6fa1d1c624ab85071c37c5c632956546e620c4bfdefd9718af58f2e77855918af37da91012ed038a12bd639d07912d86c925dcde78
SSDEEP

98304:ukRbqulaXDtAsK9lYyImLZmB/EXVefg/+RjgN0irZRblngETx:uqTkqs0fImLIBclf/IQ0iVnngwx

Score

10^/10

raccoon 03c14357f4c11f70315c3388c896998d spyware stealer upx vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a747ce455e6ea8ecaf0f76dfcf8a37db8048b7bf5627a9b13bf450573ff6affe.exe

Resource

win7-20230220-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a747ce455e6ea8ecaf0f76dfcf8a37db8048b7bf5627a9b13bf450573ff6affe.exe

Resource

win10v2004-20230220-en

raccoon 03c14357f4c11f70315c3388c896998d spyware stealer upx vmprotect

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

03c14357f4c11f70315c3388c896998d

C2

http://46.151.31.129

xor.plain

Targets

- Target
  
  a747ce455e6ea8ecaf0f76dfcf8a37db8048b7bf5627a9b13bf450573ff6affe
- Size
  
  5.2MB
- MD5
  
  05a8019bdf62516860fd5396cfdf9039
- SHA1
  
  ec32c6865859cb524ebe7e467a9debf009df070e
- SHA256
  
  a747ce455e6ea8ecaf0f76dfcf8a37db8048b7bf5627a9b13bf450573ff6affe
- SHA512
  
  81eba3b9f175dabf1c3f8c6fa1d1c624ab85071c37c5c632956546e620c4bfdefd9718af58f2e77855918af37da91012ed038a12bd639d07912d86c925dcde78
- SSDEEP
  
  98304:ukRbqulaXDtAsK9lYyImLZmB/EXVefg/+RjgN0irZRblngETx:uqTkqs0fImLIBclf/IQ0iVnngwx
Score

10^/10

upx vmprotect raccoon 03c14357f4c11f70315c3388c896998d spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

raccoon03c14357f4c11f70315c3388c896998dspywarestealerupxvmprotect

© 2018-2024

Terms | Privacy