raccoon

General

Target

PassKeys_2023_ActiveSetupQ84.rar
Size

16.5MB
Sample

230509-bh3r8sfe21
MD5

184c1128d5a3c1b60b4c09fb743ef4a6
SHA1

4f7e9ac4e53a0324e31561ea4d7222ed3cd5bdaa
SHA256

676e79abc60a3895794afc4e63da069caf7677276932d15dc827916c16264a6d
SHA512

c51eccf6666700465d33751f69d56d324b46af73b0298e8b7669ed9efe180cfbdc4f955010d050c2c09e398a664f4f6c90c98243a0561babc1fff1fafb2ed362
SSDEEP

393216:4pMvWXXsRTCmqLOe5iMHJcFwq5JTHtdLGpiUZ8WFw:4pQKXsJLmOeQMpOdiUVN

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

13718a923845c0cdab8ce45c585b8d63

C2

http://94.142.138.175/

xor.plain

Targets

- Target
  
  satup.exe
- Size
  
  1023.0MB
- MD5
  
  7ade9746dca24de26058886623205338
- SHA1
  
  3a630bb12aa44be1461bca0de754986089a17fd6
- SHA256
  
  6391028ba851d3787103ea9663548a867ac2b1a5f9bc556b921b45a2ff42a7ce
- SHA512
  
  05cb8df01c9a150681ea07d7948d845860b458d9e9e7a1bec7a23e6050f3d557a3192802fd76603643179bb745df68c322c33dc3f2c764203fdc3f39b5c8abe4
- SSDEEP
  
  49152:4tXfid1fWUkJ+y26IdJTbMYVXKshkjdQv+dhSEZe6G/3qDAZpIi4HHRgmczdRbqA:4XJlIdJAYVXKshd+jPHWnhsgnjbx2NY
Score

10^/10

raccoon 13718a923845c0cdab8ce45c585b8d63 evasion stealer themida trojan discovery spyware
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  Keygens.txt
- Size
  
  549KB
- MD5
  
  fcf0c898941ade315203e753557aac14
- SHA1
  
  b3eb624dbc15d8dc925b7396b0ed8fb9e90d4b88
- SHA256
  
  bfa591fd12b81455f87b172432f9a0cc6a858df44f3e33b456852c053cad2187
- SHA512
  
  e339dcad5eb4c649fae08152bde8192495ae5df4fb6025df92d7ca3380c58ad7ec9cd02e09871a57fb42cf1c3132110c47a69494417997adae06af9527b19ff9
- SSDEEP
  
  24:yuRb6iZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZG:yNH
Score

1^/10
behavioral3 behavioral4