Raccoon

Malware updated 8 days ago (2024-10-17T13:02:18.397Z)
Raccoon is an information-stealing malware (infostealer) written by Russian-speaking developers and first observed in April 2019. It harvests sensitive data from infected Windows hosts, including credit card data, email credentials, cryptocurrency wallet files, saved browser passwords, cookies and browsing history. It is sold as malware-as-a-service (MaaS) for about $200 per month, with an automated backend panel that requires little skill to operate; the operators also advertised bulletproof hosting and round-the-clock support in both Russian and English, initially on Russian-speaking hacking forums.

Scattered Spider threat actors have used Raccoon Stealer to obtain login credentials, browser cookies and browsing histories. The rewritten second version of the malware is covered in eSentire's "Threat Intelligence Malware Analysis: Raccoon Stealer v2.0", published on August 31, 2022. The FBI operates a website where users can check whether their email address appears in the data stolen by Raccoon Infostealer, which gives a sense of the scale of the operation.

In March 2022, Dutch authorities arrested Mark Sokolovsky, believed to be one of the operators of Raccoon Infostealer. At the same time, the FBI, together with law enforcement partners in Italy and the Netherlands, dismantled the command-and-control (C2) infrastructure supporting the malware and took the then-current version offline. Despite this, the MaaS resurfaced later as a rewritten version, and the United States investigation remains ongoing; investigators do not believe they have recovered all of the data stolen by Raccoon Infostealer.
Description last updated: 2024-10-17T12:24:36.297Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so the following names are possible overlaps or alternate profiles for this entry, ranked by votes.

Raccoon Stealer (5 votes): Raccoon Stealer, a malware-as-a-service (MaaS) operation that emerged in 2019, was built by Russian-speaking developers to steal victims' sensitive data such as credit card information, email credentials and cryptocurrency wallets. The malware was initially promoted exclusively on Russian-speaking hacking forums. This is the same family as Raccoon.

Azorult (3 votes): Azorult is a separate infostealer family, not another name for Raccoon. It has historically been one of the favored infostealers sold on the 2easy log marketplace, alongside RedLine, Raccoon, Vidar and Taurus, which is why the two are frequently discussed together.

Raccoon Infostealer (3 votes): Raccoon Infostealer is another name for the same malware. It infects Windows systems through malicious downloads, phishing emails or compromised websites, usually without the user noticing, and once running it extracts personal data such as saved credentials, cookies and cryptocurrency wallet files.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance:
Malware, Infostealer, MaaS, Credentials, Cybercrime, Phishing, Telegram, YouTube, Ransomware, Trojan, Payload, Exploit, Infostealer ..., Email Addres..., Microsoft
Associated Malware
Malware families the corpus associates with Raccoon, with the association type and vote count for each:
RedLine (Unspecified association, 8 votes): RedLine is a Windows infostealer sold as MaaS that collects saved browser credentials, cookies, autofill data and cryptocurrency wallets. It is typically delivered through malicious downloads, phishing emails or compromised websites, and it can also download and run further payloads.

Vidar (Unspecified association, 7 votes): Vidar is a Windows infostealer written in C++ and derived from the Arkei stealer. It targets browser credentials, cookies, cryptocurrency wallets and a broad range of other data, and in some campaigns it has been observed downloading ACR Stealer as an additional payload rather than performing all collection itself.

LockBit (Unspecified association, 2 votes): LockBit is a ransomware-as-a-service family whose affiliates commonly gain initial access with stolen credentials and phishing, then encrypt data and extort the victim.

LokiBot (Unspecified association, 2 votes): LokiBot is an infostealer and credential harvester active since at least 2015, delivered mostly through phishing emails with malicious attachments; it steals credentials from browsers, email clients and FTP clients.

Formbook (Unspecified association, 2 votes): Formbook is an infostealer sold as MaaS since 2016 that captures keystrokes, form data and clipboard contents and steals credentials from browsers and email clients, commonly delivered via phishing attachments. It has been linked with other malware families in combined campaigns.

Avemaria/WarzoneRAT (Unspecified association, 2 votes): Ave Maria, also sold as Warzone RAT, is a commodity remote access trojan with built-in credential-stealing functions.

Dridex (Unspecified association, 2 votes): Dridex is a banking trojan first seen in 2014 and operated primarily by the Russian cybercriminal group Evil Corp. It spreads through malicious email attachments and steals banking credentials.

Mars (Unspecified association, 2 votes): Mars Stealer is a Windows infostealer derived from Oski Stealer and related to Vidar and RedLine. It targets browser credentials, two-factor authentication browser extensions and cryptocurrency wallets.

AgentTesla (Unspecified association, 2 votes): Agent Tesla is a .NET infostealer and keylogger, often described as a remote access trojan (RAT), that has been used extensively in cybercrime since 2014. It is delivered mainly through malicious email attachments and steals credentials from browsers, email clients and VPN clients.

NETWIRE (Unspecified association, 2 votes): NetWire is a remote access trojan (RAT) used in criminal campaigns since at least 2014. Initially promoted as a legitimate tool for managing Windows computers remotely, it was quickly adopted by cybercriminals and distributed through phishing; its sales infrastructure was seized by law enforcement in March 2023.

LummaC2 (Unspecified association, 2 votes): LummaC2 is an infostealer written in C, first advertised on Russian-speaking forums in 2022 and sold as MaaS. It is frequently delivered through PowerShell commands that victims are tricked into running, and its use expanded markedly in 2023.

RedLine Stealer (Unspecified association, 2 votes): a second corpus entry for the RedLine family described above; same malware, different naming.
Associated Threat Actors
Threat actors the corpus associates with Raccoon, with the association type and vote count for each:

Orange Spain (Unspecified association, 2 votes): Orange Spain, a major Spanish network provider, was disrupted on January 3, 2024 when an actor known as 'Snow' used the company's compromised RIPE account credentials to alter its routing configuration, causing significant internet outages. Those credentials were reported to have been taken from an employee machine infected with an infostealer, which is the likely reason for the association with Raccoon.

Scattered Spider (Unspecified association, 2 votes): Scattered Spider is a financially motivated threat actor known for sophisticated social engineering and a broad range of targets, including all major cloud service providers. The group seeks persistence on victim networks, often using phishing to obtain login credentials, and has used Raccoon Stealer to harvest credentials, browser cookies and browsing histories.
Source Document References
Information about the Raccoon malware was read from the documents corpus below (display limited to 20 results; source and age relative to the page date are all that is recorded here):

Securityaffairs, 17 days ago
BankInfoSecurity, 18 days ago
DARKReading, a month ago
Checkpoint, 3 months ago
Fortinet, 3 months ago
Securityaffairs, 7 months ago
Securityaffairs, 8 months ago
CERT-EU, 8 months ago
CERT-EU, 8 months ago
Securityaffairs, 8 months ago
BankInfoSecurity, 8 months ago
CERT-EU, 8 months ago
CERT-EU, 8 months ago
Securityaffairs, 8 months ago
CERT-EU, 8 months ago
CERT-EU, 8 months ago
Malwarebytes, 8 months ago
BankInfoSecurity, 8 months ago
Securityaffairs, 8 months ago
Securityaffairs, 8 months ago