Raccoon Stealer | Malware Detail

Description

[Raccoon Stealer](https://attack.mitre.org/software/S1148) is an information stealer malware family active since at least 2019 as a malware-as-a-service offering sold in underground forums. [Raccoon Stealer](https://attack.mitre.org/software/S1148) has experienced two periods of activity across two variants, from 2019 to March 2022, then resurfacing in a revised version in June 2022.(Citation: S2W Racoon 2022)(Citation: Sekoia Raccoon1 2022)

External References

Techniques Used by This Malware

T1005 — Data from Local System
T1012 — Query Registry
T1020 — Automated Exfiltration
T1027.007 — Dynamic API Resolution
T1027.013 — Encrypted/Encoded File
T1033 — System Owner/User Discovery
T1041 — Exfiltration Over C2 Channel
T1070.004 — File Deletion
T1071.001 — Web Protocols
T1082 — System Information Discovery
T1083 — File and Directory Discovery
T1087.001 — Local Account
T1105 — Ingress Tool Transfer
T1113 — Screen Capture
T1119 — Automated Collection
T1124 — System Time Discovery
T1140 — Deobfuscate/Decode Files or Information
T1195 — Supply Chain Compromise
T1213 — Data from Information Repositories
T1518 — Software Discovery
T1539 — Steal Web Session Cookie
T1555.003 — Credentials from Web Browsers
T1560 — Archive Collected Data
T1614 — System Location Discovery