raccoon | 43eb644d0682f9bc85745c538015ba9ad19b10116792b5e5aa5da33b6c3af797 | Triage

Submit
Reports

Overview

overview

Static

static

3

e4f4e05162...18.exe

windows7-x64

e4f4e05162...18.exe

windows10-2004-x64

Sharing

General

Target

e4f4e051625054d753730fd9183c4a34_JaffaCakes118
Size

496KB
Sample

240916-rpg24ssbph
MD5

e4f4e051625054d753730fd9183c4a34
SHA1

d538ffffd82540752a23d5defc90e501093861bf
SHA256

43eb644d0682f9bc85745c538015ba9ad19b10116792b5e5aa5da33b6c3af797
SHA512

10178975c49c2fc1c414ad1d106d1e46c0fa4bd1748bba24c80b7ff982da034019d69bba3b559255632a8df953dab7ec901b979d8be99ee88efefb3cbd9861a5
SSDEEP

12288:sP8pIWvupcsqm9vINO0z00n30h2tckiUSJdPKF0:sLWIc3mxINH40n30M25dPj

Score

10^/10

raccoon ff236091d9fbac249beeec4137efd72b5327efd9 discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e4f4e051625054d753730fd9183c4a34_JaffaCakes118.exe

Resource

win7-20240903-en

raccoon ff236091d9fbac249beeec4137efd72b5327efd9 discovery stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e4f4e051625054d753730fd9183c4a34_JaffaCakes118.exe

Resource

win10v2004-20240802-en

raccoon ff236091d9fbac249beeec4137efd72b5327efd9 discovery stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

ff236091d9fbac249beeec4137efd72b5327efd9

Attributes

url4cnc
https://drive.google.com/uc?export=download&id=12JPrOMXQIwvLmvbb60igt1JLe1WETE6M

rc4.plain

rc4.plain

Targets

- Target
  
  e4f4e051625054d753730fd9183c4a34_JaffaCakes118
- Size
  
  496KB
- MD5
  
  e4f4e051625054d753730fd9183c4a34
- SHA1
  
  d538ffffd82540752a23d5defc90e501093861bf
- SHA256
  
  43eb644d0682f9bc85745c538015ba9ad19b10116792b5e5aa5da33b6c3af797
- SHA512
  
  10178975c49c2fc1c414ad1d106d1e46c0fa4bd1748bba24c80b7ff982da034019d69bba3b559255632a8df953dab7ec901b979d8be99ee88efefb3cbd9861a5
- SSDEEP
  
  12288:sP8pIWvupcsqm9vINO0z00n30h2tckiUSJdPKF0:sLWIc3mxINH40n30M25dPj
Score

10^/10

raccoon ff236091d9fbac249beeec4137efd72b5327efd9 discovery stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

raccoonff236091d9fbac249beeec4137efd72b5327efd9discoverystealer

behavioral2

raccoonff236091d9fbac249beeec4137efd72b5327efd9discoverystealer

© 2018-2024

Terms | Privacy