raccoon | 9e4ce12e22cb5f214591dd3c369f9eb114f21f956e3a5d099483935d426a4ac1 | Triage

Sharing

General

Target

JaffaCakes118_9e4ce12e22cb5f214591dd3c369f9eb114f21f956e3a5d099483935d426a4ac1
Size

9.1MB
Sample

241221-2rh3assmex
MD5

e9f6c03b7923f50279956388a9161883
SHA1

aab161d6dd34bed33275b2e798fc952142e469a4
SHA256

9e4ce12e22cb5f214591dd3c369f9eb114f21f956e3a5d099483935d426a4ac1
SHA512

3b51928aef92dd7d7395a1c0753217d16f74bab318b6c86351136022abf9e4f802940dddd94cc5248030e517adde07f797c625c159785db6ed9aebef15bf8cfd
SSDEEP

196608:wkXgcWoYFn8zauXyz7chBRrIpq3yhhlgu0bEOzRgQSzfhCK9u3B:RgroYFn8zPbJeqiDeeQAhCAuR

Score

10^/10

raccoon cf2a14f386eb5250ef280df942436e77 discovery execution stealer

Malware Config

Extracted

Family

raccoon

Botnet

cf2a14f386eb5250ef280df942436e77

C2

http://88.119.171.209/

Attributes

user_agent
TakeMyPainBack

xor.plain

Targets

- Target
  
  Readm.md/cef.pak
- Size
  
  5.8MB
- MD5
  
  dee83c9b0a2e80605f66315dca8ab4ec
- SHA1
  
  3cd5c60c537259232ff81e314f453cb2d1f3d836
- SHA256
  
  60ef7be6890f6615d891d9d0c8cd5c4627347fbc6b9d9f2c64afd72bfb2c8aee
- SHA512
  
  34762449bdec0bc55e5b787b32c0e780da3c55e893ebb88f9458bdc577777e1a13f48e07511d4fe99bd9234e5bd1c06295a091f7583614d51f155e2d76885fda
- SSDEEP
  
  49152:uAk3OQzYg/JTKxwYw25o2aoQUlhaX3ubjjwJbeuR3oSyPQolWhqwsX1I8GAau0BH:N/wr3uThqCE+yWywXpg
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  Readm.md/cef_100_percent.pak
- Size
  
  271KB
- MD5
  
  11a8c10579ce2ec75214f5d54e4acae8
- SHA1
  
  b5d2f8fabd25ee2ca97954ae19e73953fb16ae31
- SHA256
  
  08352285ef68bed4fe2d0638ace02beaeb588b7a4ba639fa63ff9c08783ac1d1
- SHA512
  
  db48726d0f1af3b3623405d1e5e6d7f65cfacd14aa61b097d898c7feccf46f354bf313378c1ad1ba57480ad290af7aac33c4b35b774eb758437f490192a5a0b8
- SSDEEP
  
  3072:8F1LmwL6usNjCjzkJsqpL88CRPp4kBMPck/bdpXTUPCnbOMl7t5SwOjWXxpKaX+N:Y1aI/UzfTmMbDl73SPShS1YZ8stk
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  Readm.md/cef_200_percent.pak
- Size
  
  374KB
- MD5
  
  7f06123fd09547a8337907fa85dbb4cb
- SHA1
  
  40461dec4468db6a12756de55ff8f939c4c04036
- SHA256
  
  fcfd1fb942d1e7ad49448edf53f78824f8b35f6ee61bb578ffe4f76ae1460969
- SHA512
  
  8fa58d2f2c9378e8bcb83a5c2949488045ff7c70505f79d1b6d947b1482fc7cffee8582d2d1ba63695deae39c2b6036b5a6ba7c4620ef4b341a7633d0f2c3acd
- SSDEEP
  
  6144:kI/ItF7fr5sHB6soHgs4jTl6bH3lSW9X3klLwodVvowoRa9QXJ:f/ItF7fyh6jgs4jTo3zHq3isa
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  Readm.md/chrome_elf.dll
- Size
  
  433KB
- MD5
  
  d0a014abef7e4b74e9f1ad2933a1bf12
- SHA1
  
  5f895f244e88912f3d1d0602ee154b538701c0de
- SHA256
  
  9a5a2fa253aedf6a131cbd1d6c2e77c33ee116a245afa8319421de0dfe518303
- SHA512
  
  575fda7b8da29a40ca636eec9a3d08ce70a5cd59d5211476f3c126a8c81ae736df59c965dcca859bcff90b83240276daae4674194ff7437d7b984a670202ff8c
- SSDEEP
  
  6144:mJMF2l7Xo4E9DSuCq8+UW543vs+5URaAUlS196jBimneQgwBxrFAOHV7GFTK0uQ5:mod9Db5Ys+5QaAUlS196jQ47VFFEFnX5
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Readm.md/wow64/YandexDisk3ShellExt-1511.dll
- Size
  
  950KB
- MD5
  
  62985a9dd149cbe7d518cdefd6abed78
- SHA1
  
  4724c802e7a1c82bc1932f6acdc9057188d268a5
- SHA256
  
  4637c2a9554bc0289a4789a538b09221a216ef74644bcd05a50bc334d17cf306
- SHA512
  
  434af6b17c7bc615d5b195000996f09d0482720974c03926bb48c6fbe200a73f97ddad17fedbcff3ba1232439662aa65046c9c1158b15bb2faeab2e24e685864
- SSDEEP
  
  12288:oxIDiqMK2jSR6327g6uh7/jUvUc/8iElCf/FQ7jp9nJAY4Q/0UtdOXat+j+uq11/:eIajqf/FQ7jWQ/zt+jI11
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  lnstaIIer .x64.exe
- Size
  
  721.0MB
- MD5
  
  ee565419e54ff8de8d71828451689736
- SHA1
  
  96efd5bdd34d6d1718559af2402e171b346f4c77
- SHA256
  
  29c4b60a24c0eef090b656c1a33b0284a778232f422a4fb400ce1975bf21d45a
- SHA512
  
  69273467477303dfddc05a663f540968356e08d4aea7a4bd11510a5729dcd8ff80386754e3c7efadea532c7fe359fa6436782c350323bbf60c2efe1b005565f4
- SSDEEP
  
  98304:y9EALOORkif751Ic2+a8fsf7xrkKDCIwl7llkCwpqfRzWOmCuOONWiR:ydi4XrXa8f0533wlDlUepXi
Score

10^/10

raccoon cf2a14f386eb5250ef280df942436e77 discovery stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon family
  raccoon
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

raccooncf2a14f386eb5250ef280df942436e77discoverystealer

behavioral12

raccooncf2a14f386eb5250ef280df942436e77discoverystealer