raccoon | dd75325c7035eee20647ca9d5a101167165d2dba88f6bf54a7afc50c276aba90 | Triage

Sharing

General

Target

fdac2e9e28dab9d46d75e1a9d0463485_JaffaCakes118
Size

2.0MB
Sample

240929-dh5myaxdqq
MD5

fdac2e9e28dab9d46d75e1a9d0463485
SHA1

7b8cadc70ee00aeaf0f808ce608d9d1f2cf488a2
SHA256

dd75325c7035eee20647ca9d5a101167165d2dba88f6bf54a7afc50c276aba90
SHA512

46c968c932cbba65454197413385702425a61da8346c3562ffd3220637849e3670cc6814fa9c5ead1a48063990e7c75e7342f9ee7546f8d6227f817d78cf8b4d
SSDEEP

49152:H7YMArGklBn1sel23vbqNsJfz1WnVcihBMVcEzx116:lKBeU23DXEjPCx

Score

10^/10

raccoon 3b4a989d02bdc16a530ec640920b824fdcd15ec4 discovery evasion stealer trojan

Malware Config

Extracted

Family

raccoon

Version

1.8.2

Botnet

3b4a989d02bdc16a530ec640920b824fdcd15ec4

Attributes

url4cnc
http://teletop.top/viv0ramadium0

http://teleta.top/viv0ramadium0

https://t.me/viv0ramadium0

rc4.plain

rc4.plain

Targets

- Target
  
  fdac2e9e28dab9d46d75e1a9d0463485_JaffaCakes118
- Size
  
  2.0MB
- MD5
  
  fdac2e9e28dab9d46d75e1a9d0463485
- SHA1
  
  7b8cadc70ee00aeaf0f808ce608d9d1f2cf488a2
- SHA256
  
  dd75325c7035eee20647ca9d5a101167165d2dba88f6bf54a7afc50c276aba90
- SHA512
  
  46c968c932cbba65454197413385702425a61da8346c3562ffd3220637849e3670cc6814fa9c5ead1a48063990e7c75e7342f9ee7546f8d6227f817d78cf8b4d
- SSDEEP
  
  49152:H7YMArGklBn1sel23vbqNsJfz1WnVcihBMVcEzx116:lKBeU23DXEjPCx
Score

10^/10

raccoon 3b4a989d02bdc16a530ec640920b824fdcd15ec4 discovery evasion stealer trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon3b4a989d02bdc16a530ec640920b824fdcd15ec4discoveryevasionstealertrojan

behavioral2

raccoon3b4a989d02bdc16a530ec640920b824fdcd15ec4discoveryevasionstealertrojan