raccoon

General

Target

malware.7z
Size

688KB
Sample

250323-zbkj3svsc1
MD5

8f96070ece15d2ac7bd98e89e8f9119b
SHA1

7fa4661d75a2c40d1abe540dcc58f9fe0bba9962
SHA256

fc692e62d466b316c3d0174fdbe6fa6d778e47e29b356a39d9a8f3df1e4a571d
SHA512

14917b01f4083d676cdd7afde76c136c2a4fbed8d1bfad3be850b53dbb2bb3168ab26a9a8c288e203806e89efacae2f943da279636f75c11c9fb9faf22534a01
SSDEEP

12288:8iOQ2snGfsgFZvXGHlaMUM5X/uOIPGzDbWoKtEnImpOPySv6eeRPPHsrmI8qzLPT:3DG0gFZfGHltDPujPqu2Pp8yVRPPAjvT

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

28.3

Botnet

651

C2

http://manillamemories.com/

Attributes

profile_id
651

Extracted

Family

raccoon

Botnet

4ea2de23519e3f57fa6e68e00db8cdfa44e74741

Attributes

url4cnc
https://telete.in/char0nsevenll

rc4.plain

1
$Z2s`ten\@bE9vzR

rc4.plain

1
4670fbb88c3afb06e6bd99684aa03b8e

Targets

- Target
  
  0
- Size
  
  449KB
- MD5
  
  7b20f5c61780fe383f45ca6e18ed5a6a
- SHA1
  
  bc9bfd59f0cde312cd9a0d20784887fed9b8c836
- SHA256
  
  26ccbcb079b3f0cc183293351c40da3146d2ddec9b4d6cd314090cfab94834df
- SHA512
  
  8a63f6ad20fe18bd49d055ae05bc81fe30d0ebfb25a37428b17b43569b53bf2560f0de8f993f62a2f5d458db78e6d24ad71fca8d7fd1133d3cb499dff356e68b
- SSDEEP
  
  12288:r7fSQUrrX/pC2Hwxx/Pb1JTUPd0o7Vzl:rzynxmPrrTUPdL7VJ
Score

10^/10

raccoon 4ea2de23519e3f57fa6e68e00db8cdfa44e74741 discovery stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- Raccoon family
  raccoon
behavioral1 behavioral2
- Target
  
  1
- Size
  
  544KB
- MD5
  
  b8181cb72764c24e73c7b6204b16bed6
- SHA1
  
  c430cc4776ff5e21d08bca9a0d73cfaf29108fa4
- SHA256
  
  fdb5a0d4e97ee36d2b23605b0d8a2785d08d046058f07a8714e4908e8a2485a2
- SHA512
  
  bd63970b846bfdc6990b803e12028c692bc3f3125df03c3b9ec4626e1ce56dc43313d37c71337868ade0e4da31a5eca971b453242829b7312eb7efd2a407de1d
- SSDEEP
  
  12288:WPWVd0taaWew/8s63jxtNAcbYl7rvO6FFo/JVWOPx3/y:cGWcQwcTxth0lHvHoxVWOP
Score

10^/10

vidar discovery spyware stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  3
- Size
  
  97KB
- MD5
  
  499ccc8d6d7c08e135a91928ccc2fd7a
- SHA1
  
  78b2b70ad8e49cd2e8518501a29d1af1e714a16f
- SHA256
  
  1fa5d83a5766556cf2ff16ad279e73cb40584746bd388e0a4e818a2cc06613d3
- SHA512
  
  0f891ce5fb557a9a03644d83df15f0326f4caef42c00e484b8e88182b6414f419ecf010e66db308b9ea48dbb4544f3cb16338e5d813e98051415dffb7ea7a4c2
- SSDEEP
  
  1536:zO/z6hPABUjO/Zd1716EoLiL4l1HdIaqQPDm0xK8i6f0Zn9PRVW8sW45o7:kzgjO/Zd1RePDmZ8tf05iW4u
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6