raccoon | f09199826117a1093997eb8a49cbb8864e7d8c09b51fcd00f43990ab95404cb1 | Triage

Submit
Reports

Overview

overview

Static

static

7

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

f09199826117a1093997eb8a49cbb8864e7d8c09b51fcd00f43990ab95404cb1
Size

5.7MB
Sample

250319-w3p24azwey
MD5

7135fb61caec80a8da3c47b957417d73
SHA1

17482a3398c6568436958acae34eeb58853df4c5
SHA256

f09199826117a1093997eb8a49cbb8864e7d8c09b51fcd00f43990ab95404cb1
SHA512

56a32af6ff2b78f6e359bcb1cbdbfdbf2bc850cf8262128c78c394f2bf84d97b66267aebd240223f33e97056cddb7affc39893e5b3fa175e5ad6ffaf99510f32
SSDEEP

98304:lqCaTEEwrCjWIqTTdaHcbPf6FjV1GiaLME3hTm84zDRqSR8w6S:lqCNESQWrHdaHdj+iaLTA8ovj

Score

10^/10

raccoon d4074b8c479181b90e810443a9405f3c defense_evasion discovery stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20250207-en

raccoon d4074b8c479181b90e810443a9405f3c defense_evasion discovery stealer themida trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20250314-en

raccoon d4074b8c479181b90e810443a9405f3c defense_evasion discovery stealer themida trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

d4074b8c479181b90e810443a9405f3c

C2

http://37.220.87.44/

http://94.131.3.70/

http://83.217.11.11/

http://83.217.11.13/

http://83.217.11.14/

Attributes

user_agent
901785252112

xor.plain

Targets

- Target
  
  Setup.exe
- Size
  
  452.2MB
- MD5
  
  c3b25a6bf3a32b7bd60b9576dbac3b37
- SHA1
  
  aae8ee759d2863471d129298a7a9e44438c9c7c9
- SHA256
  
  9d0f96a453ab3e3dce72b0d2408f8058d45bffe31da5370f3e4183667f0dc81c
- SHA512
  
  73b0f9c3c55254736bd2563c9ffd37be25cbdd1938c4cfa7c90cba9b75686449113597f8ba2c36fe07cc06b18a61fceb6148c660879be42a1921fb11477ec7f9
- SSDEEP
  
  49152:NAATgSv2pXsDtvpny01CY62z8Q7jzZ6CWwlmjXtW7c5Qi+nSaIy:NAAcSisBvpVLoQ7R8XtWLHIy
Score

10^/10

raccoon d4074b8c479181b90e810443a9405f3c defense_evasion discovery stealer themida trojan
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
- Raccoon family
  raccoon
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  defense_evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoond4074b8c479181b90e810443a9405f3cdefense_evasiondiscoverystealerthemidatrojan

behavioral2

raccoond4074b8c479181b90e810443a9405f3cdefense_evasiondiscoverystealerthemidatrojan

© 2018-2025

Terms | Privacy