raccoon

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_4c9acf9fa885bf772564bfaa6771b776b45d0e8daa3ce0bf89b05f4d87085686
Size

28.0MB
Sample

241222-ar46zswlcp
MD5

3bc593929e39dac7323adaff05289a3d
SHA1

5d74f50f607471099b2253e70d2a22ee7ede88a9
SHA256

4c9acf9fa885bf772564bfaa6771b776b45d0e8daa3ce0bf89b05f4d87085686
SHA512

76cc33522d742f2795eb768860efb365cda5fc7e8d2474f64e3ce727abccd911c1fea5d385cc6cc92fbd780595d6c1438b402daf8c4d5487014e7bd50995efa0
SSDEEP

786432:LNbpA+bO+ZITHgL3rAsO9VhJnuWrsYY9wVhSCKailC4iShl:B+ZbA3zOnuOs/hCKailC47hl

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

2c73d7e0a06cb9ca26d08d25bf635c6d

http://45.9.148.139

Attributes

user_agent
TakeMyPainBack

xor.plain

Targets

- Target
  
  Burst Royale 0.9/BurstRoyale.exe
- Size
  
  732.5MB
- MD5
  
  3eb99d923ed92da5c43f8ae4cedf6784
- SHA1
  
  0098594b908f09e93ee41d02838ec0a498be7a3c
- SHA256
  
  ed317aeeab9ff4c081b91dc756533d578724bc0a089a6a503d5f5a37223c46c4
- SHA512
  
  27ef679748c91d5dd97ac102ae0ebff467b7aea14fea3bae8941f0baa52933f0f8209507a5b3db12f898e5e12f33c335299d6c475f4185fcea85f76af07eb1ce
- SSDEEP
  
  98304:QkGcBu0P/7t73pLkNxeKrt6qML5BcJ4rBQfoKvM97wu95YkI4HC78Uc8OgBGPQ:QkG+HPpZoeKcq8MSiffvs799a0i7We
Score

10^/10

discovery raccoon 2c73d7e0a06cb9ca26d08d25bf635c6d stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon family
  raccoon
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  infinst.exe
- Size
  
  68KB
- MD5
  
  45d4dac07aa361bcd77aa815d1724a16
- SHA1
  
  3bbdf7da5d51211ae269572961b5ebf508ada28d
- SHA256
  
  34ab99536ea59ad60ba6efda3ea6d18291ef096a0bab3664248d6045805da0ec
- SHA512
  
  d940002a8e0112a3b56a909008403b447e9cbb80e38b9bbd508f40aa68224f7e5d9681e1039e747ae939e0829a25be2319b9f9d0862cebb042e4c525ccbc20be
- SSDEEP
  
  1536:dSKL6bzRYK/ixmu3XyhJRxjWhKfLXJ/y/Fae:dSKL62K/u3XmxCAfLXJ/y/E
Score

4^/10
behavioral3 behavioral4
- Target
  
  xinput1_3.dll
- Size
  
  104KB
- MD5
  
  bfb3091b167550ec6e6454813d3db244
- SHA1
  
  87e86a7c783f607697a4880e7e063ab87bf63034
- SHA256
  
  756cad002e1553cfa1a91ebe8c1b9380ffabe0b4b1916c4a4db802396ddfbef8
- SHA512
  
  ce2ead2480a3942081af4df4baee32de18862b5f0288169b9e8135cc710eb128f9a2b8a36bda87212c53fd4317359349c94d38b5da082638230dcb5669efede9
- SSDEEP
  
  1536:S1ea+pg4i1fprOwSGiExJ70MBzLrPbYMGsJ0OXrLSkfmrxy/Fae:S1nz1UrGiEPg0LH7GNO7LSkfaxy/E
Score

1^/10
behavioral5 behavioral6
- Target
  
  xinput1_3.dll
- Size
  
  79KB
- MD5
  
  77f595dee5ffacea72b135b1fce1312e
- SHA1
  
  d2a710b332de3ef7a576e0aed27b0ae66892b7e9
- SHA256
  
  8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7
- SHA512
  
  a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746
- SSDEEP
  
  1536:TVeqvNS6T6jxeEsU6b0xZtDDVb9X8u9JA7zitdrz/R8cy/FaeBD:TVeqvNOeFgxZ9DVVtRBy/EeD
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Burst Royale 0.9/DirectX/DSETUP.dll
- Size
  
  87KB
- MD5
  
  9e0711bed229b60a853bcc5d10deaafc
- SHA1
  
  2bea53988bd35c5df5c9edcef0bc234c37289477
- SHA256
  
  def6f245762be36cf18b435ba8b7ebc224b9c21d1a1db606a8e8fafdaa97bba0
- SHA512
  
  c0b31872e52c8f4270d991c70d1a1c9ef9a4bbee4807c54c05a449cd1607506ab16ff1e74b378651b36e3276322c86cd843565c8a1aa33a49c47322ef4df0185
- SSDEEP
  
  1536:OtBqvGpPmOEll4RWxiF9G3ZnVdqkFKJuTJbHo0Xm+jN3i97ZTj4FWMD+ZJqsHPCH:OtAvG5mOEll4Roi2pVVFKJuTVtXVpS9a
Score

4^/10

discovery
behavioral10 behavioral9
- Target
  
  Burst Royale 0.9/DirectX/DXSETUP.exe
- Size
  
  524KB
- MD5
  
  ddce338bb173b32024679d61fb4f2ba6
- SHA1
  
  50e51f7c8802559dd9787b0aebc85f192b7e2563
- SHA256
  
  046041aba6ba77534c36bb0c2496408d23c6a09f930c46b392f1edc70dfd66de
- SHA512
  
  7a63925278332c8e7949555383b410d8848a7834b85f34d659e351ba78cbe4d2ec09caccb2178d801b9b68725c9cbae48a6a1f07f0804a0c41eb51df79b7eca4
- SSDEEP
  
  3072:ti6LKecn5W6VOX6dRJar+GHs6Hl56MA6rKmMH2/5Mjt4zT1mFDYkCIEVNUrlfw0I:3F0JarNX6hWs4VRKs
Score

4^/10

discovery
behavioral11 behavioral12
- Target
  
  Burst Royale 0.9/DirectX/dsetup32.dll
- Size
  
  1.7MB
- MD5
  
  0f58ccd58a29827b5d406874360e4c08
- SHA1
  
  ba804292580be6186774e7f92e6dfb104e46bf25
- SHA256
  
  642d9e7db6d4fc15129f011dce2ea087bf7f7fb015aececf82bf84ff6634a6fb
- SHA512
  
  3e3d4f2de5dc5addc86765a2f888487ea0c9ee0208fac60187ddaa9a2bfd73cfd7734836d32805fa43222470c8f6cb9a10e2a099aef72c67ad7c789096e57ce4
- SSDEEP
  
  49152:MjnIXtNeOOOOOOOOOOOOOOOOOiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWq:YIjma
Score

4^/10

discovery
behavioral13 behavioral14
- Target
  
  dxdllreg.exe
- Size
  
  78KB
- MD5
  
  967240f77a123434ce212ed77276dea1
- SHA1
  
  ac1ff591a5ba91b382578fb9f9b38d2de6379bf6
- SHA256
  
  b6f134915bac6d630adb04d69f6944462bf5adfce2182f2908c2fb1bdd2da2fb
- SHA512
  
  30efe2e1e3e8221a0b368eec5a7e030efb04fd3f4f9d3f678d0eb2f7af1c5d5484d8bd7c8bcfd0bf349b87a34e6d779e7966fe004c7defa12eee4a33bc51af07
- SSDEEP
  
  1536:c3yqLKmzPYxsbQwTu9pS7OOC8c4aEuW/jGboizXyz36WBAOMhowYkrgHB3DSSSS7:wyqLKmzPYxt9PJh4aEuWKbx7WmDhDgHF
Score

4^/10

discovery
behavioral15 behavioral16
- Target
  
  dxupdate.dll
- Size
  
  168KB
- MD5
  
  94202f25810812f72953938552255fb8
- SHA1
  
  c1e88f196935d8affc1783ccf8b8954d7f2bfb62
- SHA256
  
  6dcad858cc3ff78d58c1dae5e93caf7d8bacb4f2fcf9e71bccb250bf32c7f564
- SHA512
  
  65b66d07ef68e0d1e79f236a4800c857e991ee3ff80ece4cfdd0b5f6083ea16f8a52d351c3af721cb05c06394ec91b4b5e3cfa4b0f0879f7549f3e3ed035e79e
- SSDEEP
  
  3072:By6LKSOwGi/9S7BLfsdg3/Vhxo4yYbfBu20jPzwRFvxdGF4EdRDWXGTHzh/KV8ce:4wGaI5W4/Vhxo4BJV0jLwTGF4IDdPEe
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Burst Royale 0.9/Engine/CompareTamplateFile/new summary.pdf
- Size
  
  14KB
- MD5
  
  06b1bdd2b5377b5134902264e3e8510d
- SHA1
  
  830eda5f9d654e0e3be2a2e392fd858aa5544348
- SHA256
  
  7a672f4968e0ad942187d411784a5fcc085ade18a681ca1fdf9217d0ce6cac2a
- SHA512
  
  1d9ad92e257d2ace2a0036a5ea4518a8b7b7d00f721e77a16c864732d58c834991d09d24d16c833e3821c04d0125baf89ee78e1960164dc4f5bfb87c2b296a1e
- SSDEEP
  
  384:r0oQix62ZmXTCM+M2CbNtOf2RUj37mMzigRpq3JeDVQQn3Z1GYoAcEva:IoQix62ZmXTCM+M2CJtOf2RUj37mMziJ
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Burst Royale 0.9/Engine/CompareTamplateFile/old summary.pdf
- Size
  
  8KB
- MD5
  
  a1038e481049b723eae0cccb16a2be03
- SHA1
  
  e1cf008fb7429763dfee7fb42398463251a21cf4
- SHA256
  
  312ccb45021cf9df3cbcd56421a259a7c1ee961f9be010871a198c3b9a4f4793
- SHA512
  
  292f559e8a7e9366fddb02a0500a2ec58df8017d1a42a104314545e16572e5905102f8093478d298125b100cfec65a16372eb345acee271d0d03bf5dadf2ad8b
- SSDEEP
  
  192:P2hD39ovv+BvdpUhLwhVj6ao93kMR/rr/N:P2hD39ovv+BvdmkhVj7g0mZ
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Burst Royale 0.9/Engine/CompareTamplateFile/summary Legend.pdf
- Size
  
  8KB
- MD5
  
  cf7573604f9c1594ae61f860ac3f2c95
- SHA1
  
  e6eccdd13c41232377d21bc471c161bf6ec3505a
- SHA256
  
  0c50a31f3b69ce9a52a681254c209fa43ad66745198c835ee80b132922344522
- SHA512
  
  6581ee1f537c912678182520c9081c3c75d04518f79da39b910f6d4726d38e9f7a5965ed26989c90c36a0b55ddb76d3662f1b3c51912a65d0473bbfe66a4513b
- SSDEEP
  
  192:bTJRTGocctDiuQFiiF0FoF8k0YGPq7gVpr:bTJRTGoccBiuQFiiF0FoFP0YGi7+pr
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Burst Royale 0.9/Engine/FxCEF/cef_100_percent.pak
- Size
  
  642KB
- MD5
  
  293d34ba795d03629250b58652a4481d
- SHA1
  
  5df428b8b1d8584f2670a19224b0a3a11368b8f5
- SHA256
  
  adf4bcc813d9a6adeeff8a65fd671a4e4eec89da6c25e11200b75e1967d1ed27
- SHA512
  
  479f18ca723a67356ae80f323584fcc6bae8394f7d018b909f66903d9d2ba926a528cb95e04c4934bce56f8c41c66bc9b94c1765b16925a0eb5e44505fd8e2bb
- SSDEEP
  
  6144:lE4wA5HcSjalRrd0E6mdXRU1o5zwVyT5TNhx5c1YC7x10fSucY7OP2ITQ:lE4wAKL5Tbgf1d/dQ
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  Burst Royale 0.9/Engine/FxCEF/cef_200_percent.pak
- Size
  
  793KB
- MD5
  
  e4e531e1401a0a1ffb48ab236e5a59d1
- SHA1
  
  5fa7d4173d0a43610378ac26e05701b0f9f9222d
- SHA256
  
  acff17e021799cbf549cef405ab808eda9b5e5a6ce7286a038aac2f898e2ac1e
- SHA512
  
  2979c23778b68c39c2ad20e65671bfdcb274c449d173f49f365691ddf5c4f3692f5820c5f7474f671f1408e34e1f97bd62bfa718cdf8b45af151380817788745
- SSDEEP
  
  6144:mA5HcSjalRrd0E6mdXRU1ojDQYaR+9bGHgs4jTl+TNNz73QYV85u/oFYvwoytKiM:mAKwfIegs4jTITDg5u/oFFpxLlFYb
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  Burst Royale 0.9/Engine/FxCEF/cef_extensions.pak
- Size
  
  1.7MB
- MD5
  
  ca68b0881edcff3557fe62b8c063b882
- SHA1
  
  f6f0a23c371b11730a975c92f5e0d0df734ca9c3
- SHA256
  
  e1a0f920670b0dbb35109c64a7e7fcf1e6390b3c80cc1489160f6645eef59d65
- SHA512
  
  d31ce7b6f7ab270fdcfd64887b5b9e82843a1ace8f9196c261d6c5181883bd9cea07f0d9df77c9c60e9a1a2b9e14debb9546d6393c3828abf5ea3e9b5a6a0975
- SSDEEP
  
  49152:PezU5VhBDew6N0G1hdAKeBkIBak0xHgryM7PdR:a1h8BaJgGMLdR
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  Burst Royale 0.9/Engine/FxCEF/error/en-US/error.html
- Size
  
  3KB
- MD5
  
  a80ce5096a8c14231cdc7125c0e41dfe
- SHA1
  
  5ed2d7eb3fd5d12e7465c0728934c83443bbc2a1
- SHA256
  
  976675c7bbf80db12765a17985f492f3386dea55c11cba78517234218eeed83c
- SHA512
  
  06284ad305e89d947aa74bf5f7c30f2243c29396d5f07c3643750ea587ef760d9e2fb663bc7699d4aafab189d05e5d9e20c739e99a339a4ebb8ce4b94b24d8ef
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Raccoon family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32