raccoon | 90ca9c7f8b656d2104a812ce9ba2625c1ab3b6ae346df7e6f01c838bf8990bda | Triage

Submit
Reports

Overview

overview

Static

static

3

0da43ff281...18.exe

windows7-x64

0da43ff281...18.exe

windows10-2004-x64

Sharing

General

Target

0da43ff2818bd897206bf362ee8aa27f_JaffaCakes118
Size

866KB
Sample

241003-dq9lvsvhme
MD5

0da43ff2818bd897206bf362ee8aa27f
SHA1

7013151ac5b6e201ebb6f20efff8dd8d269e92e5
SHA256

90ca9c7f8b656d2104a812ce9ba2625c1ab3b6ae346df7e6f01c838bf8990bda
SHA512

e9711f909d5a11bf7431ea2000f3200e4e206dd53cf1a4ffd4a8fbe0ce974be37878e3c3a2738b3fbeb26acd48a3f04b547e0b3c89884a5d1a74c2d496739a5c
SSDEEP

24576:o53uhF1ekWz2q28OV0vn0IGFr6s/5iHkNTAskAuQ:o5+hF1CPhOavGFmsB2kN0szuQ

Score

10^/10

raccoon e2b58b2c24d80fcfd249021c5a21ac97c09e40a1 discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0da43ff2818bd897206bf362ee8aa27f_JaffaCakes118.exe

Resource

win7-20240903-en

raccoon e2b58b2c24d80fcfd249021c5a21ac97c09e40a1 discovery stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

0da43ff2818bd897206bf362ee8aa27f_JaffaCakes118.exe

Resource

win10v2004-20240802-en

raccoon e2b58b2c24d80fcfd249021c5a21ac97c09e40a1 discovery stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Version

1.7.3

Botnet

e2b58b2c24d80fcfd249021c5a21ac97c09e40a1

Attributes

url4cnc
https://telete.in/mohibrainos

rc4.plain

rc4.plain

Targets

- Target
  
  0da43ff2818bd897206bf362ee8aa27f_JaffaCakes118
- Size
  
  866KB
- MD5
  
  0da43ff2818bd897206bf362ee8aa27f
- SHA1
  
  7013151ac5b6e201ebb6f20efff8dd8d269e92e5
- SHA256
  
  90ca9c7f8b656d2104a812ce9ba2625c1ab3b6ae346df7e6f01c838bf8990bda
- SHA512
  
  e9711f909d5a11bf7431ea2000f3200e4e206dd53cf1a4ffd4a8fbe0ce974be37878e3c3a2738b3fbeb26acd48a3f04b547e0b3c89884a5d1a74c2d496739a5c
- SSDEEP
  
  24576:o53uhF1ekWz2q28OV0vn0IGFr6s/5iHkNTAskAuQ:o5+hF1CPhOavGFmsB2kN0szuQ
Score

10^/10

raccoon e2b58b2c24d80fcfd249021c5a21ac97c09e40a1 discovery stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoone2b58b2c24d80fcfd249021c5a21ac97c09e40a1discoverystealer

behavioral2

raccoone2b58b2c24d80fcfd249021c5a21ac97c09e40a1discoverystealer

© 2018-2024

Terms | Privacy