raccoon | e90a83200f37f7895ee404c2b4279e13d2b51f488379687b3ee2f90211d6d7a7 | Triage

Sharing

General

Target

e90a83200f37f7895ee404c2b4279e13d2b51f488379687b3ee2f90211d6d7a7
Size

691KB
Sample

231126-2kdh8sch26
MD5

e02a0537969f2033db84a15927015f20
SHA1

c74a1b60eb95b203d6fc7becd5fd7eceb2ca29d3
SHA256

e90a83200f37f7895ee404c2b4279e13d2b51f488379687b3ee2f90211d6d7a7
SHA512

0c9cc0a7fd20459d5a7356738c470d5b034560becb70dfeb8740f4145555302a7dd2ae35fc0fdbf6b0a111806ee6028a90dc9903a8671d67754c01ca0ea54ce4
SSDEEP

6144:/rb9JXJ+MoAK16fvlscd/OmQ4+8leY13YpaZ+brKMFNlITQnV/digUaDlSBBu4EK:j5++WAFd/88leWYpU+37FDIT28RaDTq

Score

10^/10

raccoon redline infostealer persistence spyware stealer

Malware Config

Targets

- Target
  
  e90a83200f37f7895ee404c2b4279e13d2b51f488379687b3ee2f90211d6d7a7
- Size
  
  691KB
- MD5
  
  e02a0537969f2033db84a15927015f20
- SHA1
  
  c74a1b60eb95b203d6fc7becd5fd7eceb2ca29d3
- SHA256
  
  e90a83200f37f7895ee404c2b4279e13d2b51f488379687b3ee2f90211d6d7a7
- SHA512
  
  0c9cc0a7fd20459d5a7356738c470d5b034560becb70dfeb8740f4145555302a7dd2ae35fc0fdbf6b0a111806ee6028a90dc9903a8671d67754c01ca0ea54ce4
- SSDEEP
  
  6144:/rb9JXJ+MoAK16fvlscd/OmQ4+8leY13YpaZ+brKMFNlITQnV/digUaDlSBBu4EK:j5++WAFd/88leWYpU+37FDIT28RaDTq
Score

10^/10

raccoon redline infostealer persistence spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

raccoonredlineinfostealerpersistencespywarestealer