Raccoon stealer is a Malware as a service (MaaS) launched in 2019, some functionality of the raccoon stealer is to grab cookies, stored passwords, auto-fill data and cryptocurrency wallet data, the operations of the raccoon stealer were suspended after the death of a major developer during the Russia-Ukraine war.

In June 2022, many malware researchers identified the emergence of raccoon stealer 2.0 as it was found to be sold via telegram, its functionality was found to be like its predecessor, it was advertised as it has the capability of a loader and stealer.

Some of the targeted applications of Raccoon stealer 2.0 are mail applications such as outlook and thunderbird, and browsers such as Microsoft Edge, Chrome, and Firefox.



Some of the known delivery methods of raccoon stealer 2.0 are delivered through emails and files.

The Raccoon stealer was also identified to be distributed through fake installers and cracked version of the software.



  • Be aware of phishing emails, and never open emails, or files from an untrusted source, if the context of mail is important and suspicious, reach the IT security team of your organization.
  • Never download software from an untrusted source.
  • Organizations must define the detection rule, based on the signature of the Raccoon stealer in the defensive applications.


IOCs (Indicators of Compromise) for Raccoon Stealer 2.0

• 03a8531989aeeec1befecbba4f3ee218309306224bd22b7e52104537e32bacd6

• 056a3022c5e70d112e82844d1101e1a591b02960ae0609f06e9930a3f3bd6efa

• 084754ed1f495ee48a0bfe70b6b5c33ed17bfa129ad03356356ff3a5bf3c46f0

• 0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262

• 0bc3aa6b692b3873dfdd6942fb0eaba7aab391f1d154df80be1193aa792df0c2

• 0fb5b0562e81ae2a89f61b25cca023adf7f370fe049508c96c6bcf898a63e4d7

• 20ca741b731753f1bc981bfceb747dc8f4afb2aeb8694de63114a53d23812161

• 2c7563c76c710a3988c14b8246fd8864c37c08b723b0a24e0f4aa876cc5f73c8

• 40daa898f98206806ad3ff78f63409d509922e0c482684cf4f180faac8cac273

• 494df1513b13c70b1472282b80bdf1a9399ae0d16a90275a5c9fe7cfda6afd0d

• 502f0a6587cf2d084e98f5edc12192e1ca37515bdf7364511415d615be2e6aa7

• 516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e

• 567bd8dd69485d8f79edad514e54c085af1490dcc5461a01ee79e57e138b9b10






Feed Link:




Get in touch

Send us a Message

Looking for general information or have a specific question. Fill the form below or drop
us a line at susan@positka.com.