raccoon

General

Target

2024-07-25_86dacb5c05434fabff224f9451f75eb2_avoslocker_cobalt-strike_raccoonstealer_wapomi
Size

593KB
Sample

240725-l1gb3asckp
MD5

86dacb5c05434fabff224f9451f75eb2
SHA1

56e6da3d0a9bc3684a4bc73d459cb21878aca58e
SHA256

3002996d235b46741e0a53e7a0996b5a70f70cc52b9842149ee4985304bed921
SHA512

f332265dbc8ff6e45928bc9a7db30752c8b3100257e437ef8fb88c3320da99a595a5a22269b9e14d36eb352c4f45f9577e46993181c2b20faca9405a4f91731d
SSDEEP

12288:87AVwypN9NnwDLaDHZoFBHq3Ad4Dqo3XWRsauaaqCuJ58Vf:EkX9JwDLaDHZoFs3ACcRQaafnVf

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

71004f0296d86c819c25c97e99fb94ff2db9146d

Attributes

url4cnc
http://174.138.11.98/artisnpap3

http://194.180.191.44/artisnpap3

http://91.219.236.120/artisnpap3

https://t.me/artisnpap3

rc4.plain

Targets

- Target
  
  2024-07-25_86dacb5c05434fabff224f9451f75eb2_avoslocker_cobalt-strike_raccoonstealer_wapomi
- Size
  
  593KB
- MD5
  
  86dacb5c05434fabff224f9451f75eb2
- SHA1
  
  56e6da3d0a9bc3684a4bc73d459cb21878aca58e
- SHA256
  
  3002996d235b46741e0a53e7a0996b5a70f70cc52b9842149ee4985304bed921
- SHA512
  
  f332265dbc8ff6e45928bc9a7db30752c8b3100257e437ef8fb88c3320da99a595a5a22269b9e14d36eb352c4f45f9577e46993181c2b20faca9405a4f91731d
- SSDEEP
  
  12288:87AVwypN9NnwDLaDHZoFBHq3Ad4Dqo3XWRsauaaqCuJ58Vf:EkX9JwDLaDHZoFs3ACcRQaafnVf
Score

10^/10

raccoon 71004f0296d86c819c25c97e99fb94ff2db9146d aspackv2 discovery stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Raccoon Stealer V1 payload

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2