raccoon | 4394703b75ca6de35ab20fd34d4669955617f9420c95a1191ee0aa7cc5ca997a | Triage

Submit
Reports

Overview

overview

Static

static

2024-05-29...mi.exe

windows7-x64

2024-05-29...mi.exe

windows10-2004-x64

Sharing

General

Target

2024-05-29_f21bae4debf2bc660f2fce8285556790_avoslocker_cobalt-strike_raccoonstealer_wapomi
Size

593KB
Sample

240529-mt8cmscf99
MD5

f21bae4debf2bc660f2fce8285556790
SHA1

6febf83452c9c809a34ac32b77e0927c474c5c89
SHA256

4394703b75ca6de35ab20fd34d4669955617f9420c95a1191ee0aa7cc5ca997a
SHA512

97427930525dd120d06f8ef10affa391a6b262ef1347a51b4fbf7ce64a570ed4515d8b433117d237a68668ea3e16c3d8cdaca6d8f5bb4475ab1aabd64ff980f3
SSDEEP

12288:87AVwypN9NnwDLaDHZoFBHq3Ad4Dqo3XWRsauaabCuJ583f:EkX9JwDLaDHZoFs3ACcRQaaGn3f

Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d aspackv2 stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

2024-05-29_f21bae4debf2bc660f2fce8285556790_avoslocker_cobalt-strike_raccoonstealer_wapomi.exe

Resource

win7-20231129-en

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d aspackv2 stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-05-29_f21bae4debf2bc660f2fce8285556790_avoslocker_cobalt-strike_raccoonstealer_wapomi.exe

Resource

win10v2004-20240426-en

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d aspackv2 stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

1c0fad6805a0f65d7b597130eb9f089ffbe9857d

Attributes

url4cnc
http://194.180.191.241/capibar
http://103.155.93.35/capibar
https://t.me/capibar

rc4.plain

rc4.plain

Targets

- Target
  
  2024-05-29_f21bae4debf2bc660f2fce8285556790_avoslocker_cobalt-strike_raccoonstealer_wapomi
- Size
  
  593KB
- MD5
  
  f21bae4debf2bc660f2fce8285556790
- SHA1
  
  6febf83452c9c809a34ac32b77e0927c474c5c89
- SHA256
  
  4394703b75ca6de35ab20fd34d4669955617f9420c95a1191ee0aa7cc5ca997a
- SHA512
  
  97427930525dd120d06f8ef10affa391a6b262ef1347a51b4fbf7ce64a570ed4515d8b433117d237a68668ea3e16c3d8cdaca6d8f5bb4475ab1aabd64ff980f3
- SSDEEP
  
  12288:87AVwypN9NnwDLaDHZoFBHq3Ad4Dqo3XWRsauaabCuJ583f:EkX9JwDLaDHZoFs3ACcRQaaGn3f
Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d aspackv2 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- Detects executables packed with ASPack
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857daspackv2stealer

behavioral2

raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857daspackv2stealer

© 2018-2024

Terms | Privacy