raccoon | 88d0b7c12318d56331734f2e0f9c40d5aae3b35458d78b9f50a5f588f37315ec | Triage

Submit
Reports

Overview

overview

Static

static

3

56953f00e5...71.exe

windows7-x64

56953f00e5...71.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

56953f00e527964f9556247cfee99e71
Size

8.6MB
Sample

240112-qn6hmshed6
MD5

56953f00e527964f9556247cfee99e71
SHA1

460f2e879f6b32e2917a38f20478491da003e971
SHA256

88d0b7c12318d56331734f2e0f9c40d5aae3b35458d78b9f50a5f588f37315ec
SHA512

fbf82b42b782eae11425c1be23f60bdc7bb35b485386ef7082d0fa0da584133af884932d4e1513dabd8909ab83a598b0096af76cef7024fc04cf4fdbab24d311
SSDEEP

196608:sEH8sDE80CzUqgX91QRWpabS4TmOePf6oX/b3xXJKV1PBK3r8BAs+nnaqmU:uq7z8XsRWwbSHLf6oThXE1iiA/naqmU

Score

10^/10

raccoon 0343d4da493d263f78921a8724ca6adf05347cfe evasion stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

56953f00e527964f9556247cfee99e71.exe

Resource

win7-20231215-en

raccoon 0343d4da493d263f78921a8724ca6adf05347cfe evasion stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

56953f00e527964f9556247cfee99e71.exe

Resource

win10v2004-20231215-en

raccoon 0343d4da493d263f78921a8724ca6adf05347cfe evasion stealer trojan upx

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Version

1.7.3

Botnet

0343d4da493d263f78921a8724ca6adf05347cfe

Attributes

url4cnc
https://telete.in/jbitchsucks

rc4.plain

rc4.plain

Targets

- Target
  
  56953f00e527964f9556247cfee99e71
- Size
  
  8.6MB
- MD5
  
  56953f00e527964f9556247cfee99e71
- SHA1
  
  460f2e879f6b32e2917a38f20478491da003e971
- SHA256
  
  88d0b7c12318d56331734f2e0f9c40d5aae3b35458d78b9f50a5f588f37315ec
- SHA512
  
  fbf82b42b782eae11425c1be23f60bdc7bb35b485386ef7082d0fa0da584133af884932d4e1513dabd8909ab83a598b0096af76cef7024fc04cf4fdbab24d311
- SSDEEP
  
  196608:sEH8sDE80CzUqgX91QRWpabS4TmOePf6oX/b3xXJKV1PBK3r8BAs+nnaqmU:uq7z8XsRWwbSHLf6oThXE1iiA/naqmU
Score

10^/10

raccoon 0343d4da493d263f78921a8724ca6adf05347cfe evasion stealer trojan upx
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- UAC bypass
  evasion trojan
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

BITS Jobs

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

BITS Jobs

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon0343d4da493d263f78921a8724ca6adf05347cfeevasionstealer

behavioral2

raccoon0343d4da493d263f78921a8724ca6adf05347cfeevasionstealertrojanupx

© 2018-2025

Terms | Privacy