Overview

overview

10

Static

static

3

3131f31a4b...17.exe

windows7-x64

10

3131f31a4b...17.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3131f31a4b39b30cc4498c17115c2d24dc588835c9d609076058772d4a96a217

  • Size

    4.0MB

  • Sample

    230510-lzxbwsfd38

  • MD5

    b0cec2ba22b65a3df5fcfd5ddcb24521

  • SHA1

    edd2f6c361e04ba7cdec857cffe75443b6e771c4

  • SHA256

    3131f31a4b39b30cc4498c17115c2d24dc588835c9d609076058772d4a96a217

  • SHA512

    7ed22a6082d97feec491d0c3554b935fc777bea4b90023b08e48c86a0d2c5f4d4f86d76683d9a3d35071eda7b083c7af0cab82810eecc25c20e8702d3325d147

  • SSDEEP

    98304:XUfKCK+RX3KLh12Hb8ECp0PmhaWDrJ+sASEtw9:XQXb78EKhaMV+sNWw9

Score
10/10
raccoon13718a923845c0cdab8ce45c585b8d63discoveryspywarestealer

Malware Config

Extracted

Family

raccoon

Botnet

13718a923845c0cdab8ce45c585b8d63

C2

http://94.142.138.175/

xor.plain

Targets

    • Target

      3131f31a4b39b30cc4498c17115c2d24dc588835c9d609076058772d4a96a217

    • Size

      4.0MB

    • MD5

      b0cec2ba22b65a3df5fcfd5ddcb24521

    • SHA1

      edd2f6c361e04ba7cdec857cffe75443b6e771c4

    • SHA256

      3131f31a4b39b30cc4498c17115c2d24dc588835c9d609076058772d4a96a217

    • SHA512

      7ed22a6082d97feec491d0c3554b935fc777bea4b90023b08e48c86a0d2c5f4d4f86d76683d9a3d35071eda7b083c7af0cab82810eecc25c20e8702d3325d147

    • SSDEEP

      98304:XUfKCK+RX3KLh12Hb8ECp0PmhaWDrJ+sASEtw9:XQXb78EKhaMV+sNWw9

    Score
    10/10
    raccoon13718a923845c0cdab8ce45c585b8d63stealerdiscoveryspyware

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks