raccoon | c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8

Analysis

max time kernel
142s
max time network
142s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
10/12/2024, 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de53e8d73fe96e1ceab93e3aee4751ec_JaffaCakes118.exe
Size

512KB
MD5

de53e8d73fe96e1ceab93e3aee4751ec
SHA1

98e010e66213ba828ead9debe86263bca9407509
SHA256

c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8
SHA512

e2e692971b0fb5b1244b08e952045f6b342f968a2f5ba8f3d28b3e4cd0bf34af89c63a1923ca16991c43e6376cbab113b3c43d194dc8639ce8d04881bfdc95c5
SSDEEP

12288:fRsfBhcYd7iRAe5warGb9jeCqiXY/dmHwuLbUKKbenqMBlL:6TcBy+ujeCqqKdmHNLYK1blL

Score

10^/10

raccoon fd16367b73441d6f39c715f71a74a399a84f0b41 discovery stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.2

Botnet

fd16367b73441d6f39c715f71a74a399a84f0b41

Attributes

url4cnc
http://teletop.top/terra11nc

http://teleta.top/terra11nc

https://t.me/terra11nc

rc4.plain

Signatures

Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer V1 payload 5 IoCs

resource	yara_rule
behavioral1/memory/620-2-0x0000000000920000-0x00000000009AE000-memory.dmp	family_raccoon_v1
behavioral1/memory/620-3-0x0000000000400000-0x0000000000490000-memory.dmp	family_raccoon_v1
behavioral1/memory/620-5-0x0000000000920000-0x00000000009AE000-memory.dmp	family_raccoon_v1
behavioral1/memory/620-7-0x0000000000400000-0x0000000000490000-memory.dmp	family_raccoon_v1
behavioral1/memory/620-6-0x0000000000400000-0x00000000008AF000-memory.dmp	family_raccoon_v1

Raccoon family
raccoon

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	de53e8d73fe96e1ceab93e3aee4751ec_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\de53e8d73fe96e1ceab93e3aee4751ec_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\de53e8d73fe96e1ceab93e3aee4751ec_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/620-1-0x00000000002D0000-0x00000000003D0000-memory.dmp

Filesize
1024KB

Download
memory/620-2-0x0000000000920000-0x00000000009AE000-memory.dmp

Filesize
568KB

Download
memory/620-3-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/620-4-0x00000000002D0000-0x00000000003D0000-memory.dmp

Filesize
1024KB

Download
memory/620-5-0x0000000000920000-0x00000000009AE000-memory.dmp

Filesize
568KB

Download
memory/620-7-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/620-6-0x0000000000400000-0x00000000008AF000-memory.dmp

Filesize
4.7MB

Download