raccoon

General

Target

c4395ae438ce235952f56642e133750c1fbcfc01275e77402425f549cdd2805dexe_JC.exe
Size

286KB
Sample

230811-sx7heaed35
MD5

a909e4d61084420f40d41fe5afd2fa4f
SHA1

5877fdfaae37b7ae6bac595d56ce66a2e48840cd
SHA256

c4395ae438ce235952f56642e133750c1fbcfc01275e77402425f549cdd2805d
SHA512

339ec1cd7555cc6d9bc22e426ec9f83bcf06a18ca6000bbf9835843723ee91689adb0223ce7d9e0ee3943a24611bf8bf30d209d5745dbe124dca8b0da34378cb
SSDEEP

3072:iN22+03zuDia6L/KoWAH94blZz1Xw4dsyJx1EVD3G8yhjg98fZbFPVsBTY:+TYi5LCmolZNJ+S1EV6P2GVy

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

c610d498a9c34173052f3f4fcea051af

C2

http://galandskiyher1.com:80/

xor.plain

Targets

- Target
  
  c4395ae438ce235952f56642e133750c1fbcfc01275e77402425f549cdd2805dexe_JC.exe
- Size
  
  286KB
- MD5
  
  a909e4d61084420f40d41fe5afd2fa4f
- SHA1
  
  5877fdfaae37b7ae6bac595d56ce66a2e48840cd
- SHA256
  
  c4395ae438ce235952f56642e133750c1fbcfc01275e77402425f549cdd2805d
- SHA512
  
  339ec1cd7555cc6d9bc22e426ec9f83bcf06a18ca6000bbf9835843723ee91689adb0223ce7d9e0ee3943a24611bf8bf30d209d5745dbe124dca8b0da34378cb
- SSDEEP
  
  3072:iN22+03zuDia6L/KoWAH94blZz1Xw4dsyJx1EVD3G8yhjg98fZbFPVsBTY:+TYi5LCmolZNJ+S1EV6P2GVy
Score

10^/10

raccoon c610d498a9c34173052f3f4fcea051af spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Raccoon Stealer payload

Downloads MZ/PE file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2