raccoon

General

Target

8f7c7aadf506d8850c65d6fad2646438.exe
Size

5.1MB
Sample

231012-tq9jvsah2s
MD5

8f7c7aadf506d8850c65d6fad2646438
SHA1

0d45d3ea30740a2a6df523396cf143dd59ebeec7
SHA256

eb8455a49caa35beaa645fb26a4b760a84e2abcce810b9261518fc978d6027c9
SHA512

17e1a00dd04694a95760c93e20d878e5956b215ecff1eb5dba917719ddff8587d9fddeb0bd7008a6e248859a83d2446310f8fc4cfddbcd44cb4ca2b1f6b4bf53
SSDEEP

98304:sbpLElLpmF74U66BS5vdypRR67nVUEFUCfbN1xi0zCB/Rr97XJ:sbpLEFpmKU66BYVyr4nV7+Crxi0Ur9T

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

87f528fdf77d01f9fa643940cd3d2289

C2

http://5.45.85.201:80/

Attributes

user_agent
GeekingToTheMoon

xor.plain

Targets

- Target
  
  8f7c7aadf506d8850c65d6fad2646438.exe
- Size
  
  5.1MB
- MD5
  
  8f7c7aadf506d8850c65d6fad2646438
- SHA1
  
  0d45d3ea30740a2a6df523396cf143dd59ebeec7
- SHA256
  
  eb8455a49caa35beaa645fb26a4b760a84e2abcce810b9261518fc978d6027c9
- SHA512
  
  17e1a00dd04694a95760c93e20d878e5956b215ecff1eb5dba917719ddff8587d9fddeb0bd7008a6e248859a83d2446310f8fc4cfddbcd44cb4ca2b1f6b4bf53
- SSDEEP
  
  98304:sbpLElLpmF74U66BS5vdypRR67nVUEFUCfbN1xi0zCB/Rr97XJ:sbpLEFpmKU66BYVyr4nV7+Crxi0Ur9T
Score

10^/10

raccoon 87f528fdf77d01f9fa643940cd3d2289 evasion stealer themida trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Raccoon Stealer payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2