raccoon

General

Target

0b122302c692af0213db722190b8e513_JaffaCakes118
Size

1.9MB
Sample

240328-vgbf5sbb5t
MD5

0b122302c692af0213db722190b8e513
SHA1

38c47acf26cc63fad4ef4033150093e45d59655a
SHA256

e271f1c40db30b3cf52dfa09617a34632db3edac155c03dfbfcb9c2f05c1c1cd
SHA512

d4c3aea5c232bb0f3412308daad00e63d8ada2d1273836877ded7c04ae51f0b6561ece13d9e291c3ca83d58571243a8cfdfa20a5cf47c5840a1c6e2b2c6a6c76
SSDEEP

24576:JQgPK5BP+BoCLxjJr8/4vLudZ4UnDRIXnO+THFVli5kmIkYXBInLjo/Tq1i3RfJw:JQgPKbY0/qmZ4Und6DkmmIkQz/TqGCum

Score

10^/10

Malware Config

Targets

- Target
  
  0b122302c692af0213db722190b8e513_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  0b122302c692af0213db722190b8e513
- SHA1
  
  38c47acf26cc63fad4ef4033150093e45d59655a
- SHA256
  
  e271f1c40db30b3cf52dfa09617a34632db3edac155c03dfbfcb9c2f05c1c1cd
- SHA512
  
  d4c3aea5c232bb0f3412308daad00e63d8ada2d1273836877ded7c04ae51f0b6561ece13d9e291c3ca83d58571243a8cfdfa20a5cf47c5840a1c6e2b2c6a6c76
- SSDEEP
  
  24576:JQgPK5BP+BoCLxjJr8/4vLudZ4UnDRIXnO+THFVli5kmIkYXBInLjo/Tq1i3RfJw:JQgPKbY0/qmZ4Und6DkmmIkQz/TqGCum
Score

10^/10

raccoon evasion stealer themida trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Raccoon Stealer V1 payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2