raccoon | bddd91f972e2fa78e6811aaf3629201dbec33f9b3f284d1d333b6e426539095d | Triage

Sharing

General

Target

7538ac9e7b96e8d73364bf0b6b9b6c32
Size

19.1MB
Sample

240125-w9ff8sdgdl
MD5

7538ac9e7b96e8d73364bf0b6b9b6c32
SHA1

e55e30ad935594489424839e6025064bd8c13717
SHA256

bddd91f972e2fa78e6811aaf3629201dbec33f9b3f284d1d333b6e426539095d
SHA512

cd161929ed0d99037f9f7a1f75596e01c2b6bdfc72887aaf6ee09fa40b1819f5c69527a63730a3ef90eee3cd8462738164ffa2537d9042499433ece7a8a6ec22
SSDEEP

393216:q+fzawW8ZprOBi/o3CfKFcR0vPhfzQJKBQl5Pdw9XgG+GHcC:nzBWErxo3CfKF3hfzuKBQP4wGHcC

Score

10^/10

raccoon 0343d4da493d263f78921a8724ca6adf05347cfe aspackv2 evasion stealer trojan

Malware Config

Extracted

Family

raccoon

Version

1.7.3

Botnet

0343d4da493d263f78921a8724ca6adf05347cfe

Attributes

url4cnc
https://telete.in/jbitchsucks

rc4.plain

rc4.plain

Targets

- Target
  
  7538ac9e7b96e8d73364bf0b6b9b6c32
- Size
  
  19.1MB
- MD5
  
  7538ac9e7b96e8d73364bf0b6b9b6c32
- SHA1
  
  e55e30ad935594489424839e6025064bd8c13717
- SHA256
  
  bddd91f972e2fa78e6811aaf3629201dbec33f9b3f284d1d333b6e426539095d
- SHA512
  
  cd161929ed0d99037f9f7a1f75596e01c2b6bdfc72887aaf6ee09fa40b1819f5c69527a63730a3ef90eee3cd8462738164ffa2537d9042499433ece7a8a6ec22
- SSDEEP
  
  393216:q+fzawW8ZprOBi/o3CfKFcR0vPhfzQJKBQl5Pdw9XgG+GHcC:nzBWErxo3CfKF3hfzuKBQP4wGHcC
Score

10^/10

raccoon 0343d4da493d263f78921a8724ca6adf05347cfe evasion stealer trojan aspackv2
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- UAC bypass
  evasion trojan
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

BITS Jobs

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Modify Registry

BITS Jobs

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

raccoon0343d4da493d263f78921a8724ca6adf05347cfeevasionstealertrojan

behavioral2

raccoon0343d4da493d263f78921a8724ca6adf05347cfeaspackv2evasionstealertrojan