raccoon | 6d9c24fc94431a1ed496008696fca844cfa262b21a2622651cecf4683a436900 | Triage

Submit
Reports

Overview

overview

Static

static

3

daniilcode...ed.exe

windows7-x64

daniilcode...ed.exe

windows10-2004-x64

Resubmissions

16-07-2023 16:09

230716-tlsqjsfe78 10

16-07-2023 16:02

230716-tgs6hsgd2v 10

Sharing

General

Target

daniilcoder_crypted.exe
Size

538KB
Sample

230716-tlsqjsfe78
MD5

82fb3cc145b2b05aa6750513d393a2b2
SHA1

97b18db9775fc94ffc6d66f17eb5e3a889203d63
SHA256

6d9c24fc94431a1ed496008696fca844cfa262b21a2622651cecf4683a436900
SHA512

a46394d9f541fd56e36d43cacbaf10b2eac97b0bcc33a31c6c0d02772547621da7167a5d86fe047337de0d5ca112c0bcb2d6798ecc77c4673c8c835d96c65884
SSDEEP

12288:V77crGJ/xyKB9UyTLrY1XROcbzu2qgR0h76Z:R+GJ/zrYHb/R0h7

Score

10^/10

raccoon f11400b7e6aba41ec29466fc8776c524 spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

daniilcoder_crypted.exe

Resource

win7-20230712-en

raccoon f11400b7e6aba41ec29466fc8776c524 spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

daniilcoder_crypted.exe

Resource

win10v2004-20230703-en

raccoon f11400b7e6aba41ec29466fc8776c524 spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

f11400b7e6aba41ec29466fc8776c524

C2

http://94.142.138.147:77u

xor.plain

Targets

- Target
  
  daniilcoder_crypted.exe
- Size
  
  538KB
- MD5
  
  82fb3cc145b2b05aa6750513d393a2b2
- SHA1
  
  97b18db9775fc94ffc6d66f17eb5e3a889203d63
- SHA256
  
  6d9c24fc94431a1ed496008696fca844cfa262b21a2622651cecf4683a436900
- SHA512
  
  a46394d9f541fd56e36d43cacbaf10b2eac97b0bcc33a31c6c0d02772547621da7167a5d86fe047337de0d5ca112c0bcb2d6798ecc77c4673c8c835d96c65884
- SSDEEP
  
  12288:V77crGJ/xyKB9UyTLrY1XROcbzu2qgR0h76Z:R+GJ/zrYHb/R0h7
Score

10^/10

raccoon f11400b7e6aba41ec29466fc8776c524 spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoonf11400b7e6aba41ec29466fc8776c524spywarestealer

behavioral2

raccoonf11400b7e6aba41ec29466fc8776c524spywarestealer

© 2018-2024

Terms | Privacy