raccoon | b5cf579375a0f70bb78e1db6b286517906614d1aeedada230f88e22126c08d4f | Triage

Submit
Reports

Overview

overview

Static

static

3

NEAS.b5cf5...xe.exe

windows7-x64

NEAS.b5cf5...xe.exe

windows10-2004-x64

Sharing

General

Target

NEAS.b5cf579375a0f70bb78e1db6b286517906614d1aeedada230f88e22126c08d4fexe.exe
Size

17.2MB
Sample

231204-t6ygjach3s
MD5

925b24e015594a31f27b664408d5790b
SHA1

34da1ed812040a8537e35fa985bb5a391170df24
SHA256

b5cf579375a0f70bb78e1db6b286517906614d1aeedada230f88e22126c08d4f
SHA512

a54d03cc68002635fb1fdd12853777993563cb145a4315fc32c0e66f920b7f43e9030f8b8aedb64199b6872d9bc778f2e13fca7d59d764fbff8a8aef6b4c4f7c
SSDEEP

393216:5/dAyQ3aVYQ3wjvRj4tKEP3VgDePlbYfOPtYu:VdAj3aOvRXSlgDePlEfOlYu

Score

10^/10

raccoon discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NEAS.b5cf579375a0f70bb78e1db6b286517906614d1aeedada230f88e22126c08d4fexe.exe

Resource

win7-20231025-en

raccoon discovery spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.b5cf579375a0f70bb78e1db6b286517906614d1aeedada230f88e22126c08d4fexe.exe

Resource

win10v2004-20231127-en

raccoon discovery spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.b5cf579375a0f70bb78e1db6b286517906614d1aeedada230f88e22126c08d4fexe.exe
- Size
  
  17.2MB
- MD5
  
  925b24e015594a31f27b664408d5790b
- SHA1
  
  34da1ed812040a8537e35fa985bb5a391170df24
- SHA256
  
  b5cf579375a0f70bb78e1db6b286517906614d1aeedada230f88e22126c08d4f
- SHA512
  
  a54d03cc68002635fb1fdd12853777993563cb145a4315fc32c0e66f920b7f43e9030f8b8aedb64199b6872d9bc778f2e13fca7d59d764fbff8a8aef6b4c4f7c
- SSDEEP
  
  393216:5/dAyQ3aVYQ3wjvRj4tKEP3VgDePlbYfOPtYu:VdAj3aOvRXSlgDePlEfOlYu
Score

10^/10

raccoon discovery spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

raccoondiscoveryspywarestealer

behavioral2

raccoondiscoveryspywarestealer

© 2018-2024

Terms | Privacy