Raccoon

Malware updated a month ago (2024-10-17T13:02:18.397Z)
Raccoon is malware developed by Russian-speaking coders and first spotted in April 2019. It was designed to steal sensitive data from its victims, such as credit card information, email credentials and cryptocurrency wallets. The malware is offered as a service (MaaS) for $200 per month with an easy-to-use automated backend panel. The developers also offer bulletproof hosting and round-the-clock customer support in both Russian and English, and initially promoted the service on Russian-speaking hacking forums.

Scattered Spider threat actors have used Raccoon Stealer to obtain login credentials, browser cookies and browsing histories, as highlighted in "eSentire Threat Intelligence Malware Analysis: Raccoon Stealer v2.0", published on August 31, 2022. The FBI operates a website that lets users check whether their email addresses were compromised by Raccoon Infostealer, an indication of the severity of the threat.

In March 2022, Dutch authorities arrested an individual named Sokolovsky, believed to be linked with the operation of Raccoon Infostealer. Concurrently, the FBI, together with law enforcement partners in Italy and the Netherlands, dismantled the command and control (C2) infrastructure supporting Raccoon Infostealer and took its then-existing version offline. Despite these efforts, the MaaS resurfaced later, and investigations by the United States are ongoing, since it does not believe it has recovered all the data stolen by Raccoon Infostealer.
Description last updated: 2024-10-17T12:24:36.297Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so listed here are some possibly overlapping names and profiles that may also be worth looking at.
Alias (votes): description

Raccoon Stealer (5 votes): Raccoon Stealer is a possible alias for Raccoon. Raccoon Stealer, a malware-as-a-service (MaaS) operation, emerged in 2019, designed by Russian-speaking developers to steal victims' sensitive data such as credit card information, email credentials, and cryptocurrency wallets. The malware was initially promoted exclusively on Russian-speaking hacki

Azorult (3 votes): Azorult is a possible alias for Raccoon. Azorult is a type of malware, or malicious software, that infiltrates systems to exploit and damage them, often without the user's knowledge. It has historically been one of the favored infostealers sold on the marketplace 2easy, alongside RedLine, Raccoon, Vidar, and Taurus. However, as of late Feb

Raccoon Infostealer (3 votes): Raccoon Infostealer is a possible alias for Raccoon. Raccoon Infostealer is a type of malware designed to infiltrate computer systems and steal sensitive information. This malicious software can infect devices through suspicious downloads, emails, or websites, often without the user's knowledge. Once embedded in a system, it can extract personal data,
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Infostealer
MaaS
Credentials
Cybercrime
Phishing
Telegram
YouTube
Ransomware
Trojan
Payload
Exploit
Infostealer ...
Email Addres...
Microsoft
Associated Malware
Alias (association type; votes): description

Redline (Unspecified; 8 votes): The Redline Malware is associated with Raccoon. RedLine is a type of malware, a malicious software designed to exploit and damage computer systems. It often infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. RedLine has been favored by threat actor

Vidar (Unspecified; 7 votes): The Vidar Malware is associated with Raccoon. Vidar is a malicious software (malware) that primarily targets Windows systems, written in C++ and based on the Arkei stealer. It has historically been favored by threat actors who sell logs through marketplaces like 2easy, alongside other infostealers such as Raccoon, RedLine, and AZORult. The malw

Lockbit (Unspecified; 2 votes): The Lockbit Malware is associated with Raccoon. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit

Lokibot (Unspecified; 2 votes): The Lokibot Malware is associated with Raccoon. LokiBot is a malicious software, or malware, that was first reported on October 24, 2020. It is designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, LokiBot steals personal information

Formbook (Unspecified; 2 votes): The Formbook Malware is associated with Raccoon. Formbook is a type of malware, malicious software designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Formbook has been linked with other forms o

Avemaria/warzonerat (Unspecified; 2 votes): The malware Avemaria/warzonerat is associated with Raccoon.

Dridex (Unspecified; 2 votes): The Dridex Malware is associated with Raccoon. Dridex is a notorious malware, specifically a banking Trojan, designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. This malicious software was primarily used by the Russian cybercriminal group, Evil Corp, founded in 2014. The group ta

Mars (Unspecified; 2 votes): The Mars Malware is associated with Raccoon. Mars is a malicious software (malware) that has been discovered by the Trend Micro Mobile Application Reputation Service (MARS) team. This malware, related to other known threats like Vidar and Redline, has been involved in cryptocurrency-mining and financially-motivated scam campaigns targeting And

Agenttesla (Unspecified; 2 votes): The Agenttesla Malware is associated with Raccoon. AgentTesla is a well-known Remote Access Trojan (RAT) and infostealer malware that has been used in numerous cyber-attacks. It is often delivered through malicious emails or downloads, and once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for rans

NETWIRE (Unspecified; 2 votes): The NETWIRE Malware is associated with Raccoon. NetWire is a type of malware, specifically a remote access trojan (RAT), that has been utilized for various malicious activities since at least 2014. Initially promoted as a legitimate tool for managing Windows computers remotely, NetWire was quickly adopted by cybercriminals and used in phishing at

Lummac2 (Unspecified; 2 votes): The Lummac2 Malware is associated with Raccoon. LummaC2 is a malicious software (malware) that was initially identified in Russian-speaking forums in 2022. It is written in C and distributed as Malware-as-a-Service (MaaS). This malware functions as a dynamic strain under active development, with its use expanding to several additional malware fam

Redline Stealer (Unspecified; 2 votes): The Redline Stealer Malware is associated with Raccoon. The RedLine Stealer is a formidable malware that specializes in stealthily stealing credentials and sensitive information. First documented in 2020, it has since evolved to use the Windows Communication Foundation (WCF) framework and later a REST API for network communication. This malware infects s
Associated Threat Actors
Alias (association type; votes): description

Orange Spain (Unspecified; 2 votes): The Orange Spain Threat Actor is associated with Raccoon. Orange Spain, a major Spanish network provider, was disrupted by a cyberattack on January 3, 2024. The threat actor known as 'Snow' compromised Orange Spain's RIPE account, leading to significant internet outages. This incident underscores the vulnerability of critical internet infrastructure and hi

Scattered Spider (Unspecified; 2 votes): The Scattered Spider Threat Actor is associated with Raccoon. Scattered Spider is a notorious threat actor group known for its malicious cyber activities. The group primarily targets enterprise data within Software as a Service (SaaS) applications, including less sophisticated outfits and more well-known systems such as Microsoft cloud environments and on-prem
Source Document References
Information about the Raccoon malware was read from the document corpus below. This display is limited to 20 results.
Source (created)

Securityaffairs (a month ago)
BankInfoSecurity (a month ago)
DARKReading (2 months ago)
Checkpoint (4 months ago)
Fortinet (4 months ago)
Securityaffairs (8 months ago)
Securityaffairs (8 months ago)
CERT-EU (9 months ago)
CERT-EU (9 months ago)
Securityaffairs (9 months ago)
BankInfoSecurity (9 months ago)
CERT-EU (9 months ago)
CERT-EU (9 months ago)
Securityaffairs (9 months ago)
CERT-EU (9 months ago)
CERT-EU (9 months ago)
Malwarebytes (9 months ago)
BankInfoSecurity (9 months ago)
Securityaffairs (9 months ago)
Securityaffairs (9 months ago)