raccoon

General

Target

2024-04-02_f9b49c98755c58c68618cb1e9985587f_magniber_revil
Size

5.6MB
Sample

240402-ayrjgabh94
MD5

f9b49c98755c58c68618cb1e9985587f
SHA1

561f73b4258a2b36547265cc47560ea96fe618e4
SHA256

dc6439f061339d1addbce55511e88e41081ef6b36c9611e3939d9914bf211e61
SHA512

be7e01506d3f0aa75872d0a6a2aa3bc10e2f09bbb5e6d880b29c41a48b40c294e146d374afaa4d52a96132f1c48be61db689a0a9e189c0c3f25a5bc96f2e8688
SSDEEP

98304:kpKEJWqF/G2lP3ZWnaIyGbCy4uqJOBiT5A4V5wfa2o:fMWsplRWn/Cy40iTiB/o

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

4a9f651f0c883b5f75c545d430f6c021

C2

http://192.227.94.170:80

Attributes

user_agent
MrBidenNeverKnow

xor.plain

Targets

- Target
  
  2024-04-02_f9b49c98755c58c68618cb1e9985587f_magniber_revil
- Size
  
  5.6MB
- MD5
  
  f9b49c98755c58c68618cb1e9985587f
- SHA1
  
  561f73b4258a2b36547265cc47560ea96fe618e4
- SHA256
  
  dc6439f061339d1addbce55511e88e41081ef6b36c9611e3939d9914bf211e61
- SHA512
  
  be7e01506d3f0aa75872d0a6a2aa3bc10e2f09bbb5e6d880b29c41a48b40c294e146d374afaa4d52a96132f1c48be61db689a0a9e189c0c3f25a5bc96f2e8688
- SSDEEP
  
  98304:kpKEJWqF/G2lP3ZWnaIyGbCy4uqJOBiT5A4V5wfa2o:fMWsplRWn/Cy40iTiB/o
Score

10^/10

raccoon 4a9f651f0c883b5f75c545d430f6c021 discovery spyware stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Raccoon Stealer V2 payload

Detects executables containing SQL queries to confidential data stores. Observed in infostealers

Downloads MZ/PE file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2