raccoon | cfb378f8d902d20bc733c205ee8d7f1e4493da6971400fa0c8515f37001212b9 | Triage

Sharing

General

Target

Pre-Activated-Setup.exe
Size

25.6MB
Sample

230718-qnckkaaf75
MD5

7f7d50ed8f4a8432a0371c83693e3bdc
SHA1

e2b50df6d0b61f67e0bb7caa6fb444699ee096dc
SHA256

cfb378f8d902d20bc733c205ee8d7f1e4493da6971400fa0c8515f37001212b9
SHA512

322850f8137bf59b0fc5a39c36442bff92cb21cb7ec42be06a05d13bb148ea90a2b3fccc31bf042065ce2bfa7ad16b3c8d422274dc1a3d24eed995e62759a6b5
SSDEEP

393216:hGMbkfWjBPBtR0LUKfS9vXRBKaNF+AWkafU5wl7zAhAHuKv+PSFq9A9/ceW:h+ePXWLBadWaBWHsERHupPar9/c7

Score

10^/10

raccoon 67f7314de84b54b5f21ebf56b4ba37ca stealer

Malware Config

Extracted

Family

raccoon

Botnet

67f7314de84b54b5f21ebf56b4ba37ca

C2

http://79.137.248.173:80/

http://89.208.106.110:80/

xor.plain

Targets

- Target
  
  Pre-Activated-Setup.exe
- Size
  
  25.6MB
- MD5
  
  7f7d50ed8f4a8432a0371c83693e3bdc
- SHA1
  
  e2b50df6d0b61f67e0bb7caa6fb444699ee096dc
- SHA256
  
  cfb378f8d902d20bc733c205ee8d7f1e4493da6971400fa0c8515f37001212b9
- SHA512
  
  322850f8137bf59b0fc5a39c36442bff92cb21cb7ec42be06a05d13bb148ea90a2b3fccc31bf042065ce2bfa7ad16b3c8d422274dc1a3d24eed995e62759a6b5
- SSDEEP
  
  393216:hGMbkfWjBPBtR0LUKfS9vXRBKaNF+AWkafU5wl7zAhAHuKv+PSFq9A9/ceW:h+ePXWLBadWaBWHsERHupPar9/c7
Score

10^/10

raccoon 67f7314de84b54b5f21ebf56b4ba37ca stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

raccoon67f7314de84b54b5f21ebf56b4ba37castealer