raccoon | 447cc0e824ccbad20d29998b9e64b792d7c40de93ebc36ac490748f4b551e02c | Triage

Sharing

General

Target

FullSetup.exe
Size

810KB
Sample

240925-zwvksa1bpg
MD5

44e6f5db4a0f2c8f90c487b06c1b31bf
SHA1

8dbdb692668f214892759c2e0ce2ee1e16aed475
SHA256

447cc0e824ccbad20d29998b9e64b792d7c40de93ebc36ac490748f4b551e02c
SHA512

c0201dc9ed1354103b72670939f5e2226f1559748618e2642dbf3e6b7f29189583e641edb70c135976d7d58a39edcd12871d6b588e1eb500151125c5cf8d6f11
SSDEEP

12288:ZiuvcvdBR6qqAqo8BjSJpbYNm1Bi/k52jCVkonaafLSPbXCvPFqwnNZ:Zkv6qqdpSzbYNOBV2jMnaU00tTNZ

Score

10^/10

raccoon 167f93a63fe65b2f9a51452da5a0e659 discovery persistence stealer

Malware Config

Extracted

Family

raccoon

Botnet

167f93a63fe65b2f9a51452da5a0e659

C2

http://92.38.240.8/

Attributes

user_agent
mozzzzzzzzzzz

xor.plain

Targets

- Target
  
  FullSetup.exe
- Size
  
  810KB
- MD5
  
  44e6f5db4a0f2c8f90c487b06c1b31bf
- SHA1
  
  8dbdb692668f214892759c2e0ce2ee1e16aed475
- SHA256
  
  447cc0e824ccbad20d29998b9e64b792d7c40de93ebc36ac490748f4b551e02c
- SHA512
  
  c0201dc9ed1354103b72670939f5e2226f1559748618e2642dbf3e6b7f29189583e641edb70c135976d7d58a39edcd12871d6b588e1eb500151125c5cf8d6f11
- SSDEEP
  
  12288:ZiuvcvdBR6qqAqo8BjSJpbYNm1Bi/k52jCVkonaafLSPbXCvPFqwnNZ:Zkv6qqdpSzbYNOBV2jMnaU00tTNZ
Score

10^/10

raccoon 167f93a63fe65b2f9a51452da5a0e659 discovery persistence stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon167f93a63fe65b2f9a51452da5a0e659discoverypersistencestealer