raccoon-stealer

Analysis

Raccoon Stealer is a malware-as-a-service (MaaS) information stealer launched in 2019. Its core functionality is to harvest browser cookies, stored passwords, autofill data and cryptocurrency wallet data from infected hosts. Its operators suspended the service in March 2022 after reporting that a lead developer had died during the Russia-Ukraine war.

In June 2022, malware researchers identified the emergence of Raccoon Stealer 2.0, which was being sold via Telegram. Its functionality closely resembles that of its predecessor, and it was advertised as having both loader and stealer capabilities.

Applications targeted by Raccoon Stealer 2.0 include mail clients such as Outlook and Thunderbird, and browsers such as Microsoft Edge, Chrome and Firefox.

Delivery

Raccoon Stealer 2.0 is known to be delivered through phishing emails and the files attached to them.

It has also been distributed through fake software installers and cracked (pirated) copies of legitimate software.

Prevention

  • Be alert to phishing emails: never open emails or attachments from an untrusted source. If a message looks important but suspicious, forward it to your organization's IT security team rather than opening it.
  • Never download software from an untrusted source, and avoid fake installers and cracked software, both of which are known Raccoon Stealer delivery vehicles.
  • Organizations should load detection rules based on known Raccoon Stealer signatures and indicators of compromise (such as the file hashes below) into their defensive tooling (endpoint protection, SIEM, mail and web gateways).

IOCs (Indicators of Compromise) for Raccoon Stealer 2.0 (SHA-256 file hashes)

• 03a8531989aeeec1befecbba4f3ee218309306224bd22b7e52104537e32bacd6

• 056a3022c5e70d112e82844d1101e1a591b02960ae0609f06e9930a3f3bd6efa

• 084754ed1f495ee48a0bfe70b6b5c33ed17bfa129ad03356356ff3a5bf3c46f0

• 0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262

• 0bc3aa6b692b3873dfdd6942fb0eaba7aab391f1d154df80be1193aa792df0c2

• 0fb5b0562e81ae2a89f61b25cca023adf7f370fe049508c96c6bcf898a63e4d7

• 20ca741b731753f1bc981bfceb747dc8f4afb2aeb8694de63114a53d23812161

• 2c7563c76c710a3988c14b8246fd8864c37c08b723b0a24e0f4aa876cc5f73c8

• 40daa898f98206806ad3ff78f63409d509922e0c482684cf4f180faac8cac273

• 494df1513b13c70b1472282b80bdf1a9399ae0d16a90275a5c9fe7cfda6afd0d

• 502f0a6587cf2d084e98f5edc12192e1ca37515bdf7364511415d615be2e6aa7

• 516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e

• 567bd8dd69485d8f79edad514e54c085af1490dcc5461a01ee79e57e138b9b10
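
The following scanner is an added example, not code from the original page or from SOCRadar or SEKOIA.IO. It turns the prevention advice above (define detection rules from known Raccoon Stealer indicators) and the IOC list into something runnable: it embeds the thirteen SHA-256 hashes listed above, hashes every file under a directory tree, and reports any file whose digest is on the list. It also includes a loader that pulls SHA-256 digests out of a text feed; that loader assumes only that the feed is plain text with one indicator per line and matches on the 64-hex-character shape of a SHA-256 digest, because the exact column layout of the SEKOIA.IO CSV is not reproduced on this page. The `demo()` function plants a constructed sample file (not real malware) and adds its digest to a copy of the IOC set so the scanner can be exercised offline.

```python
"""Added example (not from the original page or from SOCRadar / SEKOIA.IO):
match files on disk against the Raccoon Stealer 2.0 SHA-256 IOCs listed above."""
import hashlib
import os
import re
import tempfile

# The 13 SHA-256 file hashes from the IOC list above.
RACCOON_V2_SHA256 = {
    "03a8531989aeeec1befecbba4f3ee218309306224bd22b7e52104537e32bacd6",
    "056a3022c5e70d112e82844d1101e1a591b02960ae0609f06e9930a3f3bd6efa",
    "084754ed1f495ee48a0bfe70b6b5c33ed17bfa129ad03356356ff3a5bf3c46f0",
    "0adc96946d9806969375212cfd5012f93cb205c1008b935f6886ba0ffe7fe262",
    "0bc3aa6b692b3873dfdd6942fb0eaba7aab391f1d154df80be1193aa792df0c2",
    "0fb5b0562e81ae2a89f61b25cca023adf7f370fe049508c96c6bcf898a63e4d7",
    "20ca741b731753f1bc981bfceb747dc8f4afb2aeb8694de63114a53d23812161",
    "2c7563c76c710a3988c14b8246fd8864c37c08b723b0a24e0f4aa876cc5f73c8",
    "40daa898f98206806ad3ff78f63409d509922e0c482684cf4f180faac8cac273",
    "494df1513b13c70b1472282b80bdf1a9399ae0d16a90275a5c9fe7cfda6afd0d",
    "502f0a6587cf2d084e98f5edc12192e1ca37515bdf7364511415d615be2e6aa7",
    "516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e",
    "567bd8dd69485d8f79edad514e54c085af1490dcc5461a01ee79e57e138b9b10",
}

# A SHA-256 digest is exactly 64 hex characters. Matching on that shape lets us
# pull hashes out of a feed without knowing its column layout (assumption: the
# feed is plain text with one indicator per line; the real CSV layout is not
# reproduced on this page).
_SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")


def load_hashes_from_feed(text):
    """Return the set of lower-cased SHA-256 digests found anywhere in `text`."""
    return {m.group(0).lower() for m in _SHA256_RE.finditer(text)}


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_tree(root, iocs):
    """Walk `root` and return [(path, digest)] for each file whose SHA-256 is in `iocs`.
    Unreadable files (permission errors, files vanishing mid-scan) are skipped."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_of_file(path)
            except OSError:
                continue
            if digest in iocs:
                hits.append((path, digest))
    return hits


def demo():
    """Exercise the scanner on constructed data only; no real sample is needed.
    Writes two files into a temporary directory, adds the digest of one of them
    to a copy of the IOC set (so it stands in for a true positive), and scans.
    Returns (hits as [(basename, digest)], digest of the planted file)."""
    planted = b"constructed sample file, not real malware"
    planted_digest = hashlib.sha256(planted).hexdigest()
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "suspect.exe"), "wb") as handle:
            handle.write(planted)
        with open(os.path.join(root, "benign.txt"), "wb") as handle:
            handle.write(b"nothing to see here")
        hits = scan_tree(root, RACCOON_V2_SHA256 | {planted_digest})
    return [(os.path.basename(p), d) for p, d in hits], planted_digest


if __name__ == "__main__":
    found, expected = demo()
    print(f"planted digest {expected[:16]}... -> hits: {found}")
```

To use it against a real host, replace the `demo()` call with `scan_tree("/path/to/scan", RACCOON_V2_SHA256 | load_hashes_from_feed(open("feed.csv").read()))`. Keep in mind that file-hash indicators only catch the exact samples already catalogued; a rebuilt or repacked Raccoon payload will have a different digest, so hash matching belongs alongside behavioural detection, not in place of it.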


References

SOCRadar

SEKOIA.IO


Feed Link:

https://github.com/SEKOIA-IO/Community/blob/main/IOCs/raccoonstealer/raccoon_stealer_iocs_20220628.csv
