raccoon | hxxps://bayfiles[.]com/v1HbA7q9zf/OriginalBuild_exe | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

https://bayfiles.com...

windows10-2004-x64

Sharing

General

Target

https://bayfiles.com/v1HbA7q9zf/OriginalBuild_exe
Sample

230513-lng3tsfh85

Score

10^/10

raccoon b11c37ed36597cb6d2adb8b6280a6e12 stealer

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://bayfiles.com/v1HbA7q9zf/OriginalBuild_exe

Resource

win10v2004-20230220-it

raccoon b11c37ed36597cb6d2adb8b6280a6e12 stealer

windows10-2004-x64

15 signatures

1200 seconds

Malware Config

Extracted

Family

raccoon

Botnet

b11c37ed36597cb6d2adb8b6280a6e12

C2

http://94.142.138.32

xor.plain

Targets

- Target
  
  https://bayfiles.com/v1HbA7q9zf/OriginalBuild_exe
Score

10^/10

raccoon b11c37ed36597cb6d2adb8b6280a6e12 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Drops Chrome extension
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

raccoonb11c37ed36597cb6d2adb8b6280a6e12stealer

© 2018-2024

Terms | Privacy