raccoon | 3e138230bd00c8d0878ffa7b5dc5e8827aa65f8f5a3d96450f0bd048d771b4a0 | Triage

Submit
Reports

Overview

overview

Static

static

3

3e138230bd...a0.exe

windows7-x64

3e138230bd...a0.exe

windows10-2004-x64

Sharing

General

Target

3e138230bd00c8d0878ffa7b5dc5e8827aa65f8f5a3d96450f0bd048d771b4a0.exe
Size

476KB
Sample

240726-dbkdesvdrf
MD5

cc715e675cf509c25aaa918dfe92d8c7
SHA1

bdb9b6697f1af20b237cdebee07719ff611cd56c
SHA256

3e138230bd00c8d0878ffa7b5dc5e8827aa65f8f5a3d96450f0bd048d771b4a0
SHA512

5fe276ecd2ab44569684b6890439f751171a23905d50683e9cdb959d6d5e2c55b976484386caf258b662414c31c1fa54aa21cf43a5d29e106efcbd6053bf8441
SSDEEP

12288:YVEJtDELG2OyT3/foiVTE7gjiQugC9yFsNJwoO:YVAELGiIibjugLoh

Score

10^/10

raccoon cd8dc1031358b1aec55cc6bc447df1018b068607 aspackv2 discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3e138230bd00c8d0878ffa7b5dc5e8827aa65f8f5a3d96450f0bd048d771b4a0.exe

Resource

win7-20240708-en

raccoon cd8dc1031358b1aec55cc6bc447df1018b068607 aspackv2 discovery stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

3e138230bd00c8d0878ffa7b5dc5e8827aa65f8f5a3d96450f0bd048d771b4a0.exe

Resource

win10v2004-20240709-en

raccoon cd8dc1031358b1aec55cc6bc447df1018b068607 aspackv2 discovery stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Version

1.7.3

Botnet

cd8dc1031358b1aec55cc6bc447df1018b068607

Attributes

url4cnc
https://telete.in/jagressor_kz

rc4.plain

rc4.plain

Targets

- Target
  
  3e138230bd00c8d0878ffa7b5dc5e8827aa65f8f5a3d96450f0bd048d771b4a0.exe
- Size
  
  476KB
- MD5
  
  cc715e675cf509c25aaa918dfe92d8c7
- SHA1
  
  bdb9b6697f1af20b237cdebee07719ff611cd56c
- SHA256
  
  3e138230bd00c8d0878ffa7b5dc5e8827aa65f8f5a3d96450f0bd048d771b4a0
- SHA512
  
  5fe276ecd2ab44569684b6890439f751171a23905d50683e9cdb959d6d5e2c55b976484386caf258b662414c31c1fa54aa21cf43a5d29e106efcbd6053bf8441
- SSDEEP
  
  12288:YVEJtDELG2OyT3/foiVTE7gjiQugC9yFsNJwoO:YVAELGiIibjugLoh
Score

10^/10

raccoon cd8dc1031358b1aec55cc6bc447df1018b068607 aspackv2 discovery stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccooncd8dc1031358b1aec55cc6bc447df1018b068607aspackv2discoverystealer

behavioral2

raccooncd8dc1031358b1aec55cc6bc447df1018b068607aspackv2discoverystealer

© 2018-2024

Terms | Privacy