raccoon | 50e46868dec1ccf12f805464f0bdf31f87ca8e136b2921b7b067b5a76eb21b2f | Triage

Sharing

General

Target

ccfdadcd4bd9dd07ccd30448d207dd9d
Size

18.8MB
Sample

240316-d1lmsaah7x
MD5

ccfdadcd4bd9dd07ccd30448d207dd9d
SHA1

dcb46dd2a9446489af64cb9244d36c138c653738
SHA256

50e46868dec1ccf12f805464f0bdf31f87ca8e136b2921b7b067b5a76eb21b2f
SHA512

88507e55b26b64a16d6d1bea824bd997eb4c859adc30660071607298b53eb0f1bfcc4c9a795248ad8d647438cc38e46ec82ee6aab969efb71cfdc1a34947ad1c
SSDEEP

393216:zUIDoA1J6MFSxbz81bl5n1QMBIbzmE030vc6c2VQy:vD96M0FklVBW+30U6cwQy

Score

10^/10

raccoon 0343d4da493d263f78921a8724ca6adf05347cfe evasion stealer trojan

Malware Config

Extracted

Family

raccoon

Version

1.7.3

Botnet

0343d4da493d263f78921a8724ca6adf05347cfe

Attributes

url4cnc
https://telete.in/jbitchsucks

rc4.plain

rc4.plain

Targets

- Target
  
  ccfdadcd4bd9dd07ccd30448d207dd9d
- Size
  
  18.8MB
- MD5
  
  ccfdadcd4bd9dd07ccd30448d207dd9d
- SHA1
  
  dcb46dd2a9446489af64cb9244d36c138c653738
- SHA256
  
  50e46868dec1ccf12f805464f0bdf31f87ca8e136b2921b7b067b5a76eb21b2f
- SHA512
  
  88507e55b26b64a16d6d1bea824bd997eb4c859adc30660071607298b53eb0f1bfcc4c9a795248ad8d647438cc38e46ec82ee6aab969efb71cfdc1a34947ad1c
- SSDEEP
  
  393216:zUIDoA1J6MFSxbz81bl5n1QMBIbzmE030vc6c2VQy:vD96M0FklVBW+30U6cwQy
Score

10^/10

raccoon 0343d4da493d263f78921a8724ca6adf05347cfe evasion stealer trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- UAC bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

BITS Jobs

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

BITS Jobs

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon0343d4da493d263f78921a8724ca6adf05347cfeevasionstealertrojan

behavioral2

raccoon0343d4da493d263f78921a8724ca6adf05347cfeevasionstealertrojan