raccoon | e475bd3e2a5c97d72bbe07da853b2b906ffc9eeae46bd94ecb0a51a01fbfe53a | Triage

Sharing

General

Target

testexe.exe
Size

50KB
Sample

230701-j6df9agb99
MD5

44e85e8e96955e170fc6d13ceef82852
SHA1

46310e2ea57a9146f2f7808aa4c6f1bd1e6697eb
SHA256

e475bd3e2a5c97d72bbe07da853b2b906ffc9eeae46bd94ecb0a51a01fbfe53a
SHA512

cef5b49aaa6f2bbcccc94ba7101cb57f65d987d6364d3850070e3ab857e241a7e5b49781b2707aeb5eaf22543bff5d60c82818e2a2cd28d7db4c6798e7f236bd
SSDEEP

768:TVcCo1dt4cybqx7P9vm9Rg6+E7apmW8msk:T2t4cybq56O84

Score

10^/10

raccoon ad87fd8b27d5bd06a2baa46c4263c122 discovery spyware

Malware Config

Extracted

Family

raccoon

Botnet

ad87fd8b27d5bd06a2baa46c4263c122

C2

http://176.126.103.55:80y

xor.plain

Targets

- Target
  
  testexe.exe
- Size
  
  50KB
- MD5
  
  44e85e8e96955e170fc6d13ceef82852
- SHA1
  
  46310e2ea57a9146f2f7808aa4c6f1bd1e6697eb
- SHA256
  
  e475bd3e2a5c97d72bbe07da853b2b906ffc9eeae46bd94ecb0a51a01fbfe53a
- SHA512
  
  cef5b49aaa6f2bbcccc94ba7101cb57f65d987d6364d3850070e3ab857e241a7e5b49781b2707aeb5eaf22543bff5d60c82818e2a2cd28d7db4c6798e7f236bd
- SSDEEP
  
  768:TVcCo1dt4cybqx7P9vm9Rg6+E7apmW8msk:T2t4cybq56O84
Score

6^/10

discovery spyware
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

ad87fd8b27d5bd06a2baa46c4263c122raccoon

behavioral1

discoveryspyware

behavioral2

discoveryspyware