raccoon

General

Target

Driver Booster 11 PRO.rar
Size

658KB
Sample

240219-ys4tlscg37
MD5

6d3ca847c423d6819dd364bd333572b6
SHA1

bfc6115fe0c41245f247d038737730fcd23c706d
SHA256

5961d0a8ebdc116b674d3231b5c8b01b35d3c7a191b0bb8ab5bb7b14352cc065
SHA512

eafe0185411812ea8ac561b2bf34a4f2551979252e1b42b1d045e523318c0de964c12c48aef7e8d91d667e836f3d3f2b7a3a62477a57440df25486cf9d92f102
SSDEEP

12288:vtSkbZjfeGDXtsLrWe6S4OqhECnTjRDMzNK0IFJWZZYbWhTkUuo:vzbgGDds+e74R7BAzPoUZqbW9kU7

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

ccf92b7fb8bdc5b3c5b2cea72a452ab2

C2

http://46.151.31.26:80/

Attributes

user_agent
MrBidenNeverKnow

xor.plain

Targets

- Target
  
  Driver Booster 11 PRO.rar
- Size
  
  658KB
- MD5
  
  6d3ca847c423d6819dd364bd333572b6
- SHA1
  
  bfc6115fe0c41245f247d038737730fcd23c706d
- SHA256
  
  5961d0a8ebdc116b674d3231b5c8b01b35d3c7a191b0bb8ab5bb7b14352cc065
- SHA512
  
  eafe0185411812ea8ac561b2bf34a4f2551979252e1b42b1d045e523318c0de964c12c48aef7e8d91d667e836f3d3f2b7a3a62477a57440df25486cf9d92f102
- SSDEEP
  
  12288:vtSkbZjfeGDXtsLrWe6S4OqhECnTjRDMzNK0IFJWZZYbWhTkUuo:vzbgGDds+e74R7BAzPoUZqbW9kU7
Score

10^/10

raccoon ccf92b7fb8bdc5b3c5b2cea72a452ab2 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Instructions.txt
- Size
  
  180B
- MD5
  
  b632d91d17b818fca597415d9df2be2a
- SHA1
  
  7275221aeb7e6d6107f6f05082c2f063514e358c
- SHA256
  
  d08e5326b6157866c5cdd6bbe7058b185ed0005bf2b487817cfdfc0f2a83002c
- SHA512
  
  d1c008a866cb174468ac4924876eaff62905de5c65d7f75c6697d50aaccd033562f26b145645fc3371ebd0efce5e1a64b948c81bc90fa5eb7db5b2dff0e63841
Score

1^/10
behavioral3 behavioral4
- Target
  
  License/Driver Booster 11 PRO License.exe
- Size
  
  770KB
- MD5
  
  27cf0c7d37e5ffbab9b1a163544f3321
- SHA1
  
  3ed7493f213a01f7c99a4d11f56cfa7f79f90d0a
- SHA256
  
  4f6eba5f100a37005509d15782ca2991de72d027be766ba779f20e956555c29b
- SHA512
  
  f9ac54ee39c7192406a51a6e506b420387b2314facc31656b1acd3a69fdcb3060553b42122c5a6f5092083d71c20d4304b1ed067e9b1e481951c1a4798e0fa2d
- SSDEEP
  
  12288:HtLqu6mmCXykkkkkkkBgEgEQJrQXSmsw71AfyffvnZYyGPlWHiCXIEwc+4iAxtz+:HtLWjQXDsw+fAXnZWWHLfwcvxzF7di
Score

10^/10

raccoon ccf92b7fb8bdc5b3c5b2cea72a452ab2 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

Remote System Discovery

1

T1018

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Raccoon Stealer V2 payload

Suspicious use of NtCreateUserProcessOtherParentProcess

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Raccoon

Raccoon Stealer V2 payload

Suspicious use of NtCreateUserProcessOtherParentProcess

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6