raccoon

General

Target

b9553d05bb13bc681817e7b273db6a0e.exe
Size

232KB
Sample

230713-wztwwaah4v
MD5

b9553d05bb13bc681817e7b273db6a0e
SHA1

a2d7e85e70f96c15515934774cd6c96fc3d275cd
SHA256

c210be84d04a87aa2d1e84132b6632b5a7e5e0ee740efc5f1c11a63ac5f555f2
SHA512

905be202c05c865c6fef5ebfdbd7d131ed72807ec365082c23c16a2222300d0ee0439e443dfda09e41763463e558316751f25050da16b831537d80a0d1c3282c
SSDEEP

3072:F4ooef+aiih7q+GAQuF2zW2cA20LrI2GcyyOwtv/08PzPccK:mS+b+guB2c9+I2Gc7/10IzPcc

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

6e489b600db6a7cfd6a1b65b9a5a61eb

C2

http://5.78.111.161:8088/

xor.plain

Targets

- Target
  
  b9553d05bb13bc681817e7b273db6a0e.exe
- Size
  
  232KB
- MD5
  
  b9553d05bb13bc681817e7b273db6a0e
- SHA1
  
  a2d7e85e70f96c15515934774cd6c96fc3d275cd
- SHA256
  
  c210be84d04a87aa2d1e84132b6632b5a7e5e0ee740efc5f1c11a63ac5f555f2
- SHA512
  
  905be202c05c865c6fef5ebfdbd7d131ed72807ec365082c23c16a2222300d0ee0439e443dfda09e41763463e558316751f25050da16b831537d80a0d1c3282c
- SSDEEP
  
  3072:F4ooef+aiih7q+GAQuF2zW2cA20LrI2GcyyOwtv/08PzPccK:mS+b+guB2c9+I2Gc7/10IzPcc
Score

10^/10

raccoon 6e489b600db6a7cfd6a1b65b9a5a61eb discovery spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Raccoon Stealer payload

Downloads MZ/PE file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2