raccoon | eb8455a49caa35beaa645fb26a4b760a84e2abcce810b9261518fc978d6027c9 | Triage

Submit
Reports

Overview

overview

Static

static

7

dridex

windows10-1703-x64

Sharing

General

Target

eb8455a49caa35beaa645fb26a4b760a84e2abcce810b9261518fc978d6027c9
Size

5.1MB
Sample

230918-lnbwtaah26
MD5

8f7c7aadf506d8850c65d6fad2646438
SHA1

0d45d3ea30740a2a6df523396cf143dd59ebeec7
SHA256

eb8455a49caa35beaa645fb26a4b760a84e2abcce810b9261518fc978d6027c9
SHA512

17e1a00dd04694a95760c93e20d878e5956b215ecff1eb5dba917719ddff8587d9fddeb0bd7008a6e248859a83d2446310f8fc4cfddbcd44cb4ca2b1f6b4bf53
SSDEEP

98304:sbpLElLpmF74U66BS5vdypRR67nVUEFUCfbN1xi0zCB/Rr97XJ:sbpLEFpmKU66BYVyr4nV7+Crxi0Ur9T

Score

10^/10

raccoon evasion stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

eb8455a49caa35beaa645fb26a4b760a84e2abcce810b9261518fc978d6027c9.exe

Resource

win10-20230915-en

raccoon evasion stealer themida trojan

windows10-1703-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  eb8455a49caa35beaa645fb26a4b760a84e2abcce810b9261518fc978d6027c9
- Size
  
  5.1MB
- MD5
  
  8f7c7aadf506d8850c65d6fad2646438
- SHA1
  
  0d45d3ea30740a2a6df523396cf143dd59ebeec7
- SHA256
  
  eb8455a49caa35beaa645fb26a4b760a84e2abcce810b9261518fc978d6027c9
- SHA512
  
  17e1a00dd04694a95760c93e20d878e5956b215ecff1eb5dba917719ddff8587d9fddeb0bd7008a6e248859a83d2446310f8fc4cfddbcd44cb4ca2b1f6b4bf53
- SSDEEP
  
  98304:sbpLElLpmF74U66BS5vdypRR67nVUEFUCfbN1xi0zCB/Rr97XJ:sbpLEFpmKU66BYVyr4nV7+Crxi0Ur9T
Score

10^/10

raccoon evasion stealer themida trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoonevasionstealerthemidatrojan

© 2018-2024

Terms | Privacy