raccoon | 071e9de15078bb820cb507eb135aed7ea4c4c0d42fe14ae205d20310e0ea89bb | Triage

Submit
Reports

Overview

overview

Static

static

1

a2f979b364...78.exe

windows7-x64

a2f979b364...78.exe

windows10-2004-x64

Sharing

General

Target

a2f979b364f6ac14455079cfb11d9378.exe
Size

32.2MB
Sample

230718-ld6y7sab51
MD5

a2f979b364f6ac14455079cfb11d9378
SHA1

92f0e94e67fe3dc8de35f8cd4bf30143047df00f
SHA256

071e9de15078bb820cb507eb135aed7ea4c4c0d42fe14ae205d20310e0ea89bb
SHA512

f2cb77f04ccd36863e4473c38332f4cb426d0876003780f47f803540a07bbf27ddccd1f93a07c16eaa56b1807674762be04aa049daef286ca7a8ee1ccf4fda54
SSDEEP

393216:sV0pJXZqIOOHDvUmv4XOS5s41i7vP06D4sCLzhtxw/4JIvWZ:sV0qIbj8mgXL1i7lDqzhtG/Hg

Score

10^/10

raccoon 74b8b770a65f8e339e8f029b78098a50 stealer

Static task

static1

Behavioral task

behavioral1

Sample

a2f979b364f6ac14455079cfb11d9378.exe

Resource

win7-20230712-en

raccoon 74b8b770a65f8e339e8f029b78098a50 stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

a2f979b364f6ac14455079cfb11d9378.exe

Resource

win10v2004-20230703-en

raccoon 74b8b770a65f8e339e8f029b78098a50 stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

74b8b770a65f8e339e8f029b78098a50

C2

http://89.23.107.239:80/

http://49.13.18.115:80/

xor.plain

Targets

- Target
  
  a2f979b364f6ac14455079cfb11d9378.exe
- Size
  
  32.2MB
- MD5
  
  a2f979b364f6ac14455079cfb11d9378
- SHA1
  
  92f0e94e67fe3dc8de35f8cd4bf30143047df00f
- SHA256
  
  071e9de15078bb820cb507eb135aed7ea4c4c0d42fe14ae205d20310e0ea89bb
- SHA512
  
  f2cb77f04ccd36863e4473c38332f4cb426d0876003780f47f803540a07bbf27ddccd1f93a07c16eaa56b1807674762be04aa049daef286ca7a8ee1ccf4fda54
- SSDEEP
  
  393216:sV0pJXZqIOOHDvUmv4XOS5s41i7vP06D4sCLzhtxw/4JIvWZ:sV0qIbj8mgXL1i7lDqzhtG/Hg
Score

10^/10

raccoon 74b8b770a65f8e339e8f029b78098a50 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon74b8b770a65f8e339e8f029b78098a50stealer

behavioral2

raccoon74b8b770a65f8e339e8f029b78098a50stealer

© 2018-2024

Terms | Privacy