raccoon | 808ea5f3c49d50f3ea6daeb52a6a5923c80c8a361a25048275077b12417c461b | Triage

Sharing

General

Target

808ea5f3c49d50f3ea6daeb52a6a5923c80c8a361a25048275077b12417c461b.exe
Size

10.0MB
Sample

250310-c1wbjsztcv
MD5

c127879c5fa90526ba316c4bffd85427
SHA1

3842cfd9949c83a4783bf8bc48ed5e6d629033bb
SHA256

808ea5f3c49d50f3ea6daeb52a6a5923c80c8a361a25048275077b12417c461b
SHA512

051abfcf0a325885c201a1a0e6e936d31b35d36838a585cadc7f6a29a23ac8bfb883b2e56c6960824b3143b78da17bf711b48a9ab3b997edf3e6f306301ceb5f
SSDEEP

49152:qq/f3J6UdlWunpHC2npAadqn3/FJovlO:q+cTMHC2npAao32

Score

10^/10

raccoon smokeloader eee94d533c0441c732ed7e18e494bdc6 x0x4 backdoor discovery stealer trojan

Malware Config

Extracted

Family

raccoon

Botnet

eee94d533c0441c732ed7e18e494bdc6

C2

http://45.15.156.16/

http://82.115.223.5/

http://82.115.223.6/

http://45.15.156.17/

http://82.115.223.7/

Attributes

user_agent
mozzzzzzzzzzz

xor.plain

Extracted

Family

smokeloader

Botnet

x0x4

Targets

- Target
  
  808ea5f3c49d50f3ea6daeb52a6a5923c80c8a361a25048275077b12417c461b.exe
- Size
  
  10.0MB
- MD5
  
  c127879c5fa90526ba316c4bffd85427
- SHA1
  
  3842cfd9949c83a4783bf8bc48ed5e6d629033bb
- SHA256
  
  808ea5f3c49d50f3ea6daeb52a6a5923c80c8a361a25048275077b12417c461b
- SHA512
  
  051abfcf0a325885c201a1a0e6e936d31b35d36838a585cadc7f6a29a23ac8bfb883b2e56c6960824b3143b78da17bf711b48a9ab3b997edf3e6f306301ceb5f
- SSDEEP
  
  49152:qq/f3J6UdlWunpHC2npAadqn3/FJovlO:q+cTMHC2npAao32
Score

10^/10

raccoon smokeloader eee94d533c0441c732ed7e18e494bdc6 x0x4 backdoor discovery stealer trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon family
  raccoon
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoonsmokeloadereee94d533c0441c732ed7e18e494bdc6x0x4backdoordiscoverystealertrojan

behavioral2

raccoonsmokeloadereee94d533c0441c732ed7e18e494bdc6x0x4backdoordiscoverystealertrojan