raccoon

General

Target

2024-05-29_f21bae4debf2bc660f2fce8285556790_avoslocker_cobalt-strike_raccoonstealer_wapomi
Size

593KB
Sample

240529-mt8cmscf99
MD5

f21bae4debf2bc660f2fce8285556790
SHA1

6febf83452c9c809a34ac32b77e0927c474c5c89
SHA256

4394703b75ca6de35ab20fd34d4669955617f9420c95a1191ee0aa7cc5ca997a
SHA512

97427930525dd120d06f8ef10affa391a6b262ef1347a51b4fbf7ce64a570ed4515d8b433117d237a68668ea3e16c3d8cdaca6d8f5bb4475ab1aabd64ff980f3
SSDEEP

12288:87AVwypN9NnwDLaDHZoFBHq3Ad4Dqo3XWRsauaabCuJ583f:EkX9JwDLaDHZoFs3ACcRQaaGn3f

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

1c0fad6805a0f65d7b597130eb9f089ffbe9857d

Attributes

url4cnc
http://194.180.191.241/capibar

http://103.155.93.35/capibar

https://t.me/capibar

rc4.plain

Targets

- Target
  
  2024-05-29_f21bae4debf2bc660f2fce8285556790_avoslocker_cobalt-strike_raccoonstealer_wapomi
- Size
  
  593KB
- MD5
  
  f21bae4debf2bc660f2fce8285556790
- SHA1
  
  6febf83452c9c809a34ac32b77e0927c474c5c89
- SHA256
  
  4394703b75ca6de35ab20fd34d4669955617f9420c95a1191ee0aa7cc5ca997a
- SHA512
  
  97427930525dd120d06f8ef10affa391a6b262ef1347a51b4fbf7ce64a570ed4515d8b433117d237a68668ea3e16c3d8cdaca6d8f5bb4475ab1aabd64ff980f3
- SSDEEP
  
  12288:87AVwypN9NnwDLaDHZoFBHq3Ad4Dqo3XWRsauaabCuJ583f:EkX9JwDLaDHZoFs3ACcRQaaGn3f
Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d aspackv2 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- Detects executables packed with ASPack
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Raccoon Stealer V1 payload

Detects executables packed with ASPack

Detects executables referencing many email and collaboration clients. Observed in information stealers

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2