Overview

overview

10

Static

static

3

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    1.2MB

  • Sample

    231128-wcl8hsca4v

  • MD5

    76ee9c9e73b94f5252cc2413836b11f8

  • SHA1

    f1a0e68fb6d842b6774696478500a0b933ac63b4

  • SHA256

    78aadd578bfe37e33de9d10169dd9487c56d0627e5dac900f2b1bc4bac8a3e5f

  • SHA512

    e93b668a30f8bf857735629ef5f3da7245c5afebb6c72e439dc8b14892197179e57287f9df7f965507e1fb286e9554b791049ed1541c840692181ccbd6306b4a

  • SSDEEP

    24576:g1O/1tWuBPKuU2t+U5yAF2A8aWrBiX+lKdXzDgw:g2Wm2hdVvlK1z

Score
10/10
raccoonstealer

Malware Config

Targets

    • Target

      tmp

    • Size

      1.2MB

    • MD5

      76ee9c9e73b94f5252cc2413836b11f8

    • SHA1

      f1a0e68fb6d842b6774696478500a0b933ac63b4

    • SHA256

      78aadd578bfe37e33de9d10169dd9487c56d0627e5dac900f2b1bc4bac8a3e5f

    • SHA512

      e93b668a30f8bf857735629ef5f3da7245c5afebb6c72e439dc8b14892197179e57287f9df7f965507e1fb286e9554b791049ed1541c840692181ccbd6306b4a

    • SSDEEP

      24576:g1O/1tWuBPKuU2t+U5yAF2A8aWrBiX+lKdXzDgw:g2Wm2hdVvlK1z

    Score
    10/10
    raccoonstealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon Stealer payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

1
T1057

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks