raccoon | 311b3e01136c34f6121897d31cefea8a94b82d173d1022db90744064c10788b5 | Triage

Submit
Reports

Overview

overview

Static

static

Setup.exe

windows10-1703-x64

Sharing

General

Target

MDE_File_Sample_a58e7e79a6ae4cd98779c9cb8387acb0d15ab1fe.zip
Size

4.4MB
Sample

230619-n4k6jadf83
MD5

70e21f89fa08e315c84f1676c970b0ff
SHA1

409b20c31eaea0b7960cc84b8a185c632cc7de5d
SHA256

311b3e01136c34f6121897d31cefea8a94b82d173d1022db90744064c10788b5
SHA512

a626797235f20ab4339a9036feb4546596fae0e3e4c4ad12e058fa3d2df54a279f54fa34b49792f607ea54dd1bd159f2dab386a3d2e88dd33749708724d75390
SSDEEP

98304:Q5yO8LFzJjO55KYlj9c49SzYt7V4LZUWlLgkiIU+tFnWE:YyzLxJjWUasz+slERytD

Score

10^/10

raccoon d4074b8c479181b90e810443a9405f3c evasion stealer themida trojan

Static task

static1

themida raccoon

4 signatures

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win10-20230220-en

raccoon d4074b8c479181b90e810443a9405f3c evasion stealer themida trojan

windows10-1703-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

d4074b8c479181b90e810443a9405f3c

C2

http://37.220.87.44/

http://94.131.3.70/

http://83.217.11.11/

http://83.217.11.13/

http://83.217.11.14/

xor.plain

Targets

- Target
  
  Setup.exe
- Size
  
  465.5MB
- MD5
  
  ba1f367857d1efa868bb71681e1e1420
- SHA1
  
  0d7917e7808a365ec09c6a848f6d20266114a662
- SHA256
  
  bd8b12dcaec47b31028589aa295ab16c91278814affa1bd2664905957d472a13
- SHA512
  
  dc48959bd3c465a09e6df275eedf910125da1222ff253ecebde94c4f7ab93f9bbce847c90cb7a339cad2697d0ab77b61b95af54713983dfc4f7566cc0ba34d88
- SSDEEP
  
  49152:op6MmhLSOvvm9sgb3qq/BSGnYB7VKpKeM:oKhUrtpSGngVaM
Score

10^/10

raccoon d4074b8c479181b90e810443a9405f3c evasion stealer themida trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoond4074b8c479181b90e810443a9405f3cevasionstealerthemidatrojan

© 2018-2024

Terms | Privacy