raccoon | 788567d3cc693dd5d0dada9f4e1421755c1d74257544ba12b502f085a620585e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

Mlсrоsо...p.appx

windows7-x64

Mlсrоsо...p.appx

windows10-2004-x64

Sharing

General

Target

MlсrоsоftЕdgеSеtup.appx
Size

3.6MB
Sample

231001-wxnl3sdh68
MD5

de2456b94b4d4019ad591379205ebd6e
SHA1

7f98a888fb52ed5627d7b374439ca14616f68d33
SHA256

788567d3cc693dd5d0dada9f4e1421755c1d74257544ba12b502f085a620585e
SHA512

abb726b87c0fc52159076fe7ee0a32d3667478cdb9959d206c9589e1e95210cfd7122268ac931c35aff43c6834d024ebfc597052aa3bcd936f6925a84aa2b540
SSDEEP

98304:dfic5es3aimY7NhbJpcdYyeuASKnRcfw9X:dKc5emmYvdM5euASKnRcfo

Score

10^/10

raccoon 5e2505d8647542f05843f89ae7cd18e7 discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

MlсrоsоftЕdgеSеtup.appx

Resource

win7-20230831-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

MlсrоsоftЕdgеSеtup.appx

Resource

win10v2004-20230915-en

raccoon 5e2505d8647542f05843f89ae7cd18e7 discovery spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

5e2505d8647542f05843f89ae7cd18e7

C2

http://5.75.241.110:80

xor.plain

Targets

- Target
  
  MlсrоsоftЕdgеSеtup.appx
- Size
  
  3.6MB
- MD5
  
  de2456b94b4d4019ad591379205ebd6e
- SHA1
  
  7f98a888fb52ed5627d7b374439ca14616f68d33
- SHA256
  
  788567d3cc693dd5d0dada9f4e1421755c1d74257544ba12b502f085a620585e
- SHA512
  
  abb726b87c0fc52159076fe7ee0a32d3667478cdb9959d206c9589e1e95210cfd7122268ac931c35aff43c6834d024ebfc597052aa3bcd936f6925a84aa2b540
- SSDEEP
  
  98304:dfic5es3aimY7NhbJpcdYyeuASKnRcfw9X:dKc5emmYvdM5euASKnRcfo
Score

10^/10

raccoon 5e2505d8647542f05843f89ae7cd18e7 discovery spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

raccoon5e2505d8647542f05843f89ae7cd18e7discoveryspywarestealer

© 2018-2025

Terms | Privacy