raccoon | 79137d627ed41d0ab901c8bb9d7fb88d92b5733826535633b102b6a21ccf97cc | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.TR.Dropper.Gen.20753.32473.exe
Size

6.5MB
Sample

240809-k4w19ayeqm
MD5

0aac498256e938e33ee6d29a53f2cbbc
SHA1

573c647e314f41b1664ea240f2f9b97e745527af
SHA256

79137d627ed41d0ab901c8bb9d7fb88d92b5733826535633b102b6a21ccf97cc
SHA512

f4c8c71094a35f553640dddac07e836734bfdaef26c92ca57011cc98001b228342f722e1a39fd858b8c296dcae52de5e98cc489a473bca605764fa7db663aaac
SSDEEP

196608:w7pPH8FQ8pnh8m3gaveFRFBxaw3ENDEAI5qUF:w75Sph8m14FBxaSm3IjF

Score

10^/10

raccoon cdfc9a1f925b0d382ad5704a3cb352fb discovery stealer

Malware Config

Extracted

Family

raccoon

Botnet

cdfc9a1f925b0d382ad5704a3cb352fb

C2

http://192.121.23.67:80/

Attributes

user_agent
MrBidenNeverKnow

xor.plain

Targets

- Target
  
  SecuriteInfo.com.Trojan.TR.Dropper.Gen.20753.32473.exe
- Size
  
  6.5MB
- MD5
  
  0aac498256e938e33ee6d29a53f2cbbc
- SHA1
  
  573c647e314f41b1664ea240f2f9b97e745527af
- SHA256
  
  79137d627ed41d0ab901c8bb9d7fb88d92b5733826535633b102b6a21ccf97cc
- SHA512
  
  f4c8c71094a35f553640dddac07e836734bfdaef26c92ca57011cc98001b228342f722e1a39fd858b8c296dcae52de5e98cc489a473bca605764fa7db663aaac
- SSDEEP
  
  196608:w7pPH8FQ8pnh8m3gaveFRFBxaw3ENDEAI5qUF:w75Sph8m14FBxaSm3IjF
Score

10^/10

raccoon cdfc9a1f925b0d382ad5704a3cb352fb discovery stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccooncdfc9a1f925b0d382ad5704a3cb352fbdiscoverystealer

behavioral2