raccoon | 0f6b398bf5f91af3ec82ad6a7417ec3dd71f7f220409d5c327b63a4c7334e844 | Triage

Sharing

General

Target

tmp
Size

1.5MB
Sample

230621-y8jtdabc76
MD5

09f16ecc21bd2d570fd6c6411128b714
SHA1

71dd57498b1989e7c61e1c4865f306e5d5e222f2
SHA256

0f6b398bf5f91af3ec82ad6a7417ec3dd71f7f220409d5c327b63a4c7334e844
SHA512

2b89d3c3e6722da0c7acfb8468aebfe112fadda93f71708e48035b9bb0ea35120a0eb1d04c80c4d2c4a2004f866f71d8a072f1f8ebc567d2813b243ac21488e1
SSDEEP

49152:KBrY2fc7XyDjhZ0j5Jl34KZbGiJyXoogg:ArncjyDNajHZbGi4

Score

10^/10

raccoon persistence stealer

Malware Config

Extracted

Family

raccoon

rc4.plain

Targets

- Target
  
  tmp
- Size
  
  1.5MB
- MD5
  
  09f16ecc21bd2d570fd6c6411128b714
- SHA1
  
  71dd57498b1989e7c61e1c4865f306e5d5e222f2
- SHA256
  
  0f6b398bf5f91af3ec82ad6a7417ec3dd71f7f220409d5c327b63a4c7334e844
- SHA512
  
  2b89d3c3e6722da0c7acfb8468aebfe112fadda93f71708e48035b9bb0ea35120a0eb1d04c80c4d2c4a2004f866f71d8a072f1f8ebc567d2813b243ac21488e1
- SSDEEP
  
  49152:KBrY2fc7XyDjhZ0j5Jl34KZbGiJyXoogg:ArncjyDNajHZbGi4
Score

10^/10

raccoon persistence stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoonpersistencestealer

behavioral2

raccoonpersistencestealer