BRIEF: Raccoon Stealer Version 2.0
Common Information
Type Value
UUID f8299892-5a31-4ede-87fb-5424c48314f9
Fingerprint 9e98bad0662fb649
Analysis status DONE
Considered CTI value 2
Text language
Published June 30, 2022, 5:56 p.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline BRIEF: Raccoon Stealer Version 2.0
Title BRIEF: Raccoon Stealer Version 2.0
Detected Hints/Tags/Attributes 84/2/69
Attributes
Details Type #Events CTI Value
Details Domain 1
wiwirdo.ac.ug
Details File 96
wallet.dat
Details File 71
nss3.dll
Details File 51
msvcp140.dll
Details File 69
vcruntime140.dll
Details File 51
mozglue.dll
Details File 44
freebl3.dll
Details File 41
softokn3.dll
Details File 104
sqlite3.dll
Details File 8
nssdbm3.dll
Details File 2
azne.exe
Details File 1
pm.exe
Details File 4
cc.exe
Details File 7
rc.exe
Details MITRE ATT&CK Techniques 50
T1592
Details MITRE ATT&CK Techniques 16
T1589.001
Details MITRE ATT&CK Techniques 695
T1059
Details MITRE ATT&CK Techniques 25
T1559
Details MITRE ATT&CK Techniques 420
T1204
Details MITRE ATT&CK Techniques 160
T1027.002
Details MITRE ATT&CK Techniques 504
T1140
Details MITRE ATT&CK Techniques 297
T1070.004
Details MITRE ATT&CK Techniques 433
T1057
Details MITRE ATT&CK Techniques 1006
T1082
Details MITRE ATT&CK Techniques 50
T1614
Details MITRE ATT&CK Techniques 534
T1005
Details MITRE ATT&CK Techniques 219
T1113
Details MITRE ATT&CK Techniques 444
T1071
Details Url 1
http://wiwirdo.ac.ug/azne.exe
Details Url 1
http://wiwirdo.ac.ug/pm.exe
Details Url 1
http://wiwirdo.ac.ug/cc.exe
Details Url 1
http://wiwirdo.ac.ug/rc.exe