raccoon

General

Target

17E503AEF3804C0513838FB4AE3E00F323B1260BF753D99DBF0AE415BA54DE11.exe
Size

529KB
Sample

240724-ntewrsxele
MD5

adefe9227efad76eb767140ac9fefb5b
SHA1

385cfeddc1ac761723119ff06b3f042a2a3f4577
SHA256

90608df647f490150050db8a8cbcc66d15166957f53882a732699f78a939656b
SHA512

1b2b9e6ed1ee1ff2c1000fd9b4687bf2afcd9fe4e8ab01ad7b7579f857fd6edf2eb67d0e708db88108fcbcd191aa5a3a74cbcdde74756d7ec0f138cf30d08767
SSDEEP

12288:p+9KFURIZbfKZXwNkbQkduJqKKFeKTjMAfZsiP:0mjZb4LQUuQ7Fn1RhP

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

4b8853263bfbfde368561fd97dd96c93b6b91e4f

Attributes

url4cnc
http://194.180.191.241/capibar

http://103.155.93.35/capibar

https://t.me/capibar

rc4.plain

Targets

- Target
  
  17E503AEF3804C0513838FB4AE3E00F323B1260BF753D99DBF0AE415BA54DE11.exe
- Size
  
  529KB
- MD5
  
  adefe9227efad76eb767140ac9fefb5b
- SHA1
  
  385cfeddc1ac761723119ff06b3f042a2a3f4577
- SHA256
  
  90608df647f490150050db8a8cbcc66d15166957f53882a732699f78a939656b
- SHA512
  
  1b2b9e6ed1ee1ff2c1000fd9b4687bf2afcd9fe4e8ab01ad7b7579f857fd6edf2eb67d0e708db88108fcbcd191aa5a3a74cbcdde74756d7ec0f138cf30d08767
- SSDEEP
  
  12288:p+9KFURIZbfKZXwNkbQkduJqKKFeKTjMAfZsiP:0mjZb4LQUuQ7Fn1RhP
Score

10^/10

raccoon 4b8853263bfbfde368561fd97dd96c93b6b91e4f aspackv2 discovery stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Raccoon Stealer V1 payload

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2