raccoon | 222d641b1f9a151d85aaca0649165be834f0bcc1e6a74feff573f51b70a6049a | Triage

Sharing

General

Target

JaffaCakes118_222d641b1f9a151d85aaca0649165be834f0bcc1e6a74feff573f51b70a6049a
Size

5.6MB
Sample

241229-d8rh1a1pdz
MD5

90584882d3159a316c556bc89ba6edfe
SHA1

d8f3dad34d89a63bbbd143affc3bdcdd46eca4ce
SHA256

222d641b1f9a151d85aaca0649165be834f0bcc1e6a74feff573f51b70a6049a
SHA512

7cc165d57d238eab1a9bc70fc02b4b8b8a47a7986747fa452d3b7bdb11bab6392c8994614d2431e04a5db7034ca023a81304978f9791d16e608c9fc87fbcc98e
SSDEEP

98304:XYFZCn51Oly7bPWA7r7Fn7+Os8qQE1vLVggSJsIq/YJEm/tBHnS+eIpRWUOl:IiGY7bz7J0QEBVgmyE03gUO

Score

10^/10

raccoon 8eb14caca01131f5f4ff62ef8a0fcab4 discovery evasion stealer trojan

Malware Config

Extracted

Family

raccoon

Botnet

8eb14caca01131f5f4ff62ef8a0fcab4

C2

http://5.252.23.54/

http://77.75.230.70/

Attributes

user_agent
mozzzzzzzzzzz

rc4.plain

Targets

- Target
  
  ff15d4b5791553472feda624bf8f7f2acc6f9889591d21785a2a4f00e63cb40f
- Size
  
  385.4MB
- MD5
  
  db20dc2b6cf644ee63b7420d7573faea
- SHA1
  
  107403769cc759179de3f3228744da9efa9e321d
- SHA256
  
  ff15d4b5791553472feda624bf8f7f2acc6f9889591d21785a2a4f00e63cb40f
- SHA512
  
  342759564bdb028f1c5a44683047bec1a6ed10c04b35d3d7933dfb2eb9bc22f59399ed98c9dcd77cbe727357d4f981b820c90ed9a52861d01f3aace9974cd4fa
- SSDEEP
  
  98304:q8JKGg+7VGUqKjsMZI5T/NKqsuJmnZylgG+ooDevcmP1fw3xLCZMMY:BJy+5GUqx5wqsHXe7Ppw3lr
Score

10^/10

raccoon 8eb14caca01131f5f4ff62ef8a0fcab4 discovery evasion stealer trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
- Raccoon family
  raccoon
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon8eb14caca01131f5f4ff62ef8a0fcab4discoveryevasionstealertrojan

behavioral2

raccoon8eb14caca01131f5f4ff62ef8a0fcab4discoveryevasionstealertrojan