raccoon | 5081e0d8844cc27a71517378113f26c63874b5ab0ad6594e176aa18e8cd5c05b | Triage

Submit
Reports

Overview

overview

Static

static

3

ravenlogs_...ed.exe

windows10-1703-x64

ravenlogs_...ed.exe

windows10-2004-x64

Sharing

General

Target

ravenlogs_support2_crypted.exe
Size

2.9MB
Sample

230717-yypa4sef98
MD5

5d73d251554b416eb4c927628fbfe329
SHA1

559347beeead090d4c92fa254b0945203a77102b
SHA256

5081e0d8844cc27a71517378113f26c63874b5ab0ad6594e176aa18e8cd5c05b
SHA512

3c2f983b83bb33b5890f101efae9369a004a6486125af995915d02f4a2e8627cc6b90720579c3ab46175085abc2e3d2d1f87c452622507a907806a895c411912
SSDEEP

3072:TEUMhXqFvO4VJLFEF01l2NiNefRHspHlqMOHZHx3PL6dG5lBtaN1TerA:xGmWmLFEFK2iNQHCu3L6CBQ1e8

Score

10^/10

raccoon 090ee2c828684f1a18eff796733b49ed spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ravenlogs_support2_crypted.exe

Resource

win10-20230703-en

raccoon 090ee2c828684f1a18eff796733b49ed spyware stealer

windows10-1703-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ravenlogs_support2_crypted.exe

Resource

win10v2004-20230703-en

raccoon 090ee2c828684f1a18eff796733b49ed spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

090ee2c828684f1a18eff796733b49ed

C2

http://94.142.138.147:77z

xor.plain

Targets

- Target
  
  ravenlogs_support2_crypted.exe
- Size
  
  2.9MB
- MD5
  
  5d73d251554b416eb4c927628fbfe329
- SHA1
  
  559347beeead090d4c92fa254b0945203a77102b
- SHA256
  
  5081e0d8844cc27a71517378113f26c63874b5ab0ad6594e176aa18e8cd5c05b
- SHA512
  
  3c2f983b83bb33b5890f101efae9369a004a6486125af995915d02f4a2e8627cc6b90720579c3ab46175085abc2e3d2d1f87c452622507a907806a895c411912
- SSDEEP
  
  3072:TEUMhXqFvO4VJLFEF01l2NiNefRHspHlqMOHZHx3PL6dG5lBtaN1TerA:xGmWmLFEFK2iNQHCu3L6CBQ1e8
Score

10^/10

raccoon 090ee2c828684f1a18eff796733b49ed spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon090ee2c828684f1a18eff796733b49edspywarestealer

behavioral2

raccoon090ee2c828684f1a18eff796733b49edspywarestealer

© 2018-2024

Terms | Privacy