raccoon | 017fdf6b4016eb83c74165110d7b1b77aab163c1b58ef133b93f07788a1906b8 | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

017fdf6b4016eb83c74165110d7b1b77aab163c1b58ef133b93f07788a1906b8
Size

1.6MB
Sample

231126-17ejdace77
MD5

346bcb0f32a5f129bcc397b3ff149d06
SHA1

cc9ef4edeb9d2c2ecf4a8fdca5b0c194244e0d85
SHA256

017fdf6b4016eb83c74165110d7b1b77aab163c1b58ef133b93f07788a1906b8
SHA512

4efbd8295b8021f4ae58962fb623478a2ae0095e0fa0bb08840382573fae47352a55ffaadab016abca6413155abe64536cb8eb819e0ea6a96fbaf2f49a00eedc
SSDEEP

24576:SeFafLTWHB2CUuE7GaTRWAlVzQKPBG2qIeO46EhX:SyGTWHM75TNVB5HqmFAX

Score

10^/10

raccoon redline infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

017fdf6b4016eb83c74165110d7b1b77aab163c1b58ef133b93f07788a1906b8.exe

Resource

win7-20231020-en

raccoon redline infostealer spyware stealer

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

017fdf6b4016eb83c74165110d7b1b77aab163c1b58ef133b93f07788a1906b8.exe

Resource

win10-20231020-en

raccoon redline infostealer spyware stealer

windows10-1703-x64

9 signatures

300 seconds

Malware Config

Targets

- Target
  
  017fdf6b4016eb83c74165110d7b1b77aab163c1b58ef133b93f07788a1906b8
- Size
  
  1.6MB
- MD5
  
  346bcb0f32a5f129bcc397b3ff149d06
- SHA1
  
  cc9ef4edeb9d2c2ecf4a8fdca5b0c194244e0d85
- SHA256
  
  017fdf6b4016eb83c74165110d7b1b77aab163c1b58ef133b93f07788a1906b8
- SHA512
  
  4efbd8295b8021f4ae58962fb623478a2ae0095e0fa0bb08840382573fae47352a55ffaadab016abca6413155abe64536cb8eb819e0ea6a96fbaf2f49a00eedc
- SSDEEP
  
  24576:SeFafLTWHB2CUuE7GaTRWAlVzQKPBG2qIeO46EhX:SyGTWHM75TNVB5HqmFAX
Score

10^/10

raccoon redline infostealer spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

raccoonredlineinfostealerspywarestealer

behavioral2

raccoonredlineinfostealerspywarestealer

© 2018-2024

Terms | Privacy