raccoon

Resubmissions

24/02/2024, 23:32

240224-3jlc5agg36 10

19/02/2024, 20:03

240219-ys4tlscg37 10

19/02/2024, 20:01

240219-yrrsnacb2z 10

Sharing

Copy URL

Twitter E-mail

General

Target

Driver Booster 11 PRO.rar
Size

658KB
Sample

240224-3jlc5agg36
MD5

6d3ca847c423d6819dd364bd333572b6
SHA1

bfc6115fe0c41245f247d038737730fcd23c706d
SHA256

5961d0a8ebdc116b674d3231b5c8b01b35d3c7a191b0bb8ab5bb7b14352cc065
SHA512

eafe0185411812ea8ac561b2bf34a4f2551979252e1b42b1d045e523318c0de964c12c48aef7e8d91d667e836f3d3f2b7a3a62477a57440df25486cf9d92f102
SSDEEP

12288:vtSkbZjfeGDXtsLrWe6S4OqhECnTjRDMzNK0IFJWZZYbWhTkUuo:vzbgGDds+e74R7BAzPoUZqbW9kU7

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

ccf92b7fb8bdc5b3c5b2cea72a452ab2

http://46.151.31.26:80/

Attributes

user_agent
MrBidenNeverKnow

xor.plain

Targets

- Target
  
  License/Driver Booster 11 PRO License.exe
- Size
  
  770KB
- MD5
  
  27cf0c7d37e5ffbab9b1a163544f3321
- SHA1
  
  3ed7493f213a01f7c99a4d11f56cfa7f79f90d0a
- SHA256
  
  4f6eba5f100a37005509d15782ca2991de72d027be766ba779f20e956555c29b
- SHA512
  
  f9ac54ee39c7192406a51a6e506b420387b2314facc31656b1acd3a69fdcb3060553b42122c5a6f5092083d71c20d4304b1ed067e9b1e481951c1a4798e0fa2d
- SSDEEP
  
  12288:HtLqu6mmCXykkkkkkkBgEgEQJrQXSmsw71AfyffvnZYyGPlWHiCXIEwc+4iAxtz+:HtLWjQXDsw+fAXnZWWHLfwcvxzF7di
Score

10^/10

raccoon ccf92b7fb8bdc5b3c5b2cea72a452ab2 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Raccoon Stealer V2 payload

Suspicious use of NtCreateUserProcessOtherParentProcess

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2