Raccoon Stealer

Malware Profile Updated a month ago
Raccoon Stealer is a form of malware that was first identified in 2019. Developed by Russian-speaking coders and initially promoted on Russian-language hacking forums, it was designed to steal sensitive data from victims, including credit card information, email credentials, and cryptocurrency wallets. The malware gained traction among cybercriminals because of its ability to compromise systems through suspicious downloads, emails, or websites. The Raccoon Stealer panel was hosted on a Tor site, and threat actors often employed typosquatting techniques to target organizations and individuals. Hackers also used customer credentials exposed in previous breaches to spread the malware.

Raccoon Stealer operations were temporarily suspended due to the war in Ukraine. However, the malware made a significant comeback with an updated version, as announced on the Raccoon Stealer Telegram channel. This resurgence introduced new infiltration methods such as QR codes. The malware was also linked to various cybersecurity incidents involving multinational companies and diplomatic entities, underscoring how widespread it is and the extent of its potential damage.

The future of Raccoon Stealer became uncertain following the arrest of Ukrainian national Mark Sokolovsky by Dutch police. Sokolovsky was indicted by a Texas grand jury on federal charges related to his role in the Raccoon Stealer malware-as-a-service operation. Despite this setback, co-conspirators continued to operate and update the malware, and it remains a persistent threat to global cybersecurity.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Raccoon | 5 | Raccoon is a highly potent and cost-effective Malware-as-a-Service (MaaS) primarily sold on dark web forums, used extensively by Scattered Spider threat actors to pilfer sensitive data. As per the "eSentire Threat Intelligence Malware Analysis: Raccoon Stealer v2.0" report published on August 31, 20
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Ransomware
Trojan
Discord
Cybercrime
Spyware
Bitdefender
Exploit Kit
Infostealer ...
Extortion
Phishing
Credentials
MOVEit
Telegram
Ukraine
Sandbox
Snowflake
eSentire
Microsoft
Sophos
Downloader
Vulnerability
RAT
MaaS
Payload
Associated Malware
ID | Type | Votes | Profile Description
Lockbit | Unspecified | 2 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
Vidar | Unspecified | 2 | Vidar is a Windows-based malware written in C++, derived from the Arkei stealer, which is designed to infiltrate and exploit computer systems. It has been used alongside other malware variants such as Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2,
Redline | Unspecified | 2 | RedLine is a notorious malware, discovered in March 2020, designed to exploit computer systems and steal sensitive personal information such as login credentials, cryptocurrency wallets, and financial data. It exports this stolen data to its command-and-control infrastructure. The malware has been u
Redline Stealer | Unspecified | 2 | RedLine Stealer is a malicious software that was used to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. In July 2023, Unit 42 conducted an analysis of a RedLine Stealer infection using Wireshark, a network protocol analyzer. The analysis in
Lumma Stealer | Unspecified | 1 | Lumma Stealer is a malicious software, or malware, that targets cryptocurrency wallets and browser user data. It has been particularly prevalent in the gaming community, with cracked video games and cheating tools often found to contain infostealer malware such as Lumma Stealer and RedLine Stealer.
Lummac2 | Unspecified | 1 | LummaC2 is a relatively new information-stealing malware, first discovered in 2022. The malicious software has been under active development, with researchers identifying LummaC2 4.0 as a dynamic malware strain in November 2023. It's been used by threat actors for initial access or data theft, often
Rescoms | Unspecified | 1 | Rescoms, a malicious software (malware), has been widely used by threat actors in various information-stealing campaigns. According to an ESET report, the malware was distributed using Rugmi, which contains a downloader for the encrypted payload and two other loaders. The malware was used alongside
Dridex | Unspecified | 1 | Dridex is a well-known malware, specifically a banking Trojan, that has been utilized by cybercriminals to exploit and damage computer systems. The malware infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user, and can steal personal information, disrupt o
Agent Tesla | Unspecified | 1 | Agent Tesla is a malicious software (malware) that exploits and damages computer systems, often infiltrating the system through suspicious downloads, emails, or websites. This malware can steal personal information, disrupt operations, and potentially hold data for ransom. Agent Tesla has been obser
Aresloader | Unspecified | 1 | AresLoader is a type of malware that was first advertised for sale on the top-tier Russian-language hacking forum XSS in December 2022 by a threat actor named "DarkBLUP". This malicious software is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emai
Lumma | Unspecified | 1 | Lumma is a prominent malware, particularly known as an information stealer. It is delivered through various means, including suspicious downloads, emails, and websites. In one instance observed by Palo Alto Networks' Unit 42, Lumma was sent over Latrodectus C2 in an infection chain. In another campa
Vidar Stealer | Unspecified | 1 | Vidar Stealer is a form of malware, a malicious software designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold dat
Agenttesla | Unspecified | 1 | AgentTesla is a well-known remote access trojan (RAT) that has been used extensively in cybercrime operations. It infiltrates systems through various methods, including malicious emails and suspicious downloads. Once inside, it can steal personal information, disrupt operations, or hold data hostage
Titan | Unspecified | 1 | Titan is a notorious piece of malware, first documented in November 2022. Crafted by relatively inexperienced creators, Titan Stealer malware was designed to mimic the success of established ransomware leaders. It was advertised on Telegram as having the ability to steal information from crypto wall
Grandoreiro | Unspecified | 1 | Grandoreiro is a malicious software (malware) that forms part of a Brazilian banking operation targeting banks worldwide. This malware, along with Guildma, Javali, and Melcoz, represents an expanding threat from Brazil that has begun to impact other countries. Grandoreiro infiltrates systems through
Dotrunpex | Unspecified | 1 | DotRunpeX is a rapidly evolving and highly stealthy .NET injector malware that has gained significant attention from both security analysts and threat actors. It employs the "Process Hollowing" method to distribute a wide variety of other malware strains, including AgentTesla, ArrowRAT, AsyncRat, Av
Lokibot | Unspecified | 1 | LokiBot is a malicious software, or malware, that was first reported on October 24, 2020. It is designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, LokiBot steals personal information
Formbook | Unspecified | 1 | Formbook is a type of malware known for its ability to steal personal information, disrupt operations, and potentially hold data for ransom. The malware is commonly spread through suspicious downloads, emails, or websites, often without the user's knowledge. In June 2023, Formbook was observed being
Associated Threat Actors
ID | Type | Votes | Profile Description
Muddled Libra | Unspecified | 1 | Muddled Libra is a notable threat actor known for its sophisticated use of cloud services, particularly Amazon Web Services (AWS) and Microsoft Azure, to execute cyberattacks. The group leverages legitimate cloud service provider (CSP) features to efficiently exfiltrate data. In AWS, Muddled Libra t
Orange Spain | Unspecified | 1 | Orange Spain, a major Spanish network provider, was disrupted by a cyberattack on January 3, 2024. The threat actor known as 'Snow' compromised Orange Spain's RIPE account, leading to significant internet outages. This incident underscores the vulnerability of critical internet infrastructure and hi
Scattered Spider | Unspecified | 1 | Scattered Spider is a prominent threat actor group involved in cybercrime activities with malicious intent. The group employs various tactics to compromise its targets, including phishing for login credentials, searching SharePoint repositories for sensitive information, and exploiting infrastructur
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Redline Remcos | Unspecified | 1 | None
Netwire Privateloader | Unspecified | 1 | None
Vidar Xworm | Unspecified | 1 | None
Asyncrat Avemaria/warzonerat | Unspecified | 1 | None
Source Document References
Information about the Raccoon Stealer malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
BankInfoSecurity | a month ago | Snowflake Hacking Spree Puts At Risk 165 Organizations
BankInfoSecurity | a year ago | Breach Roundup: Raccoon Stealer Makes a Comeback
BankInfoSecurity | 5 months ago | Ukrainian Behind Raccoon Stealer Operations Extradited to US
Securityaffairs | 5 months ago | A Ukrainian Raccoon Infostealer operator is awaiting trial in the US
Unit42 | a year ago | Ransomware Delivery URLs: Top Campaigns and Trends
Checkpoint | a year ago | 2nd January – Threat Intelligence Report – Check Point Research
InfoSecurity-magazine | 6 months ago | Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over
CERT-EU | a year ago | Raccoon Stealer 2.3.0 Malware - A Stealthier Comeback
CERT-EU | a year ago | Over 100K hackers fall victim to infostealer malware
CERT-EU | 9 months ago | Data Thieves Test-Drive Unique Certificate Abuse Tactic
Bitdefender | a year ago | RIG Exploit Kit Swaps Dead Raccoon with Dridex
CERT-EU | 9 months ago | Latest RAT attack surge bypasses Microsoft's XLL block
CERT-EU | a year ago | Updated Raccoon Stealer better evades detection
CERT-EU | a year ago | Raccoon Stealer Returns With Even Stealthier Version
CERT-EU | 7 months ago | Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware
CERT-EU | a year ago | Malware leveraged to create massive proxy botnet
CERT-EU | 7 months ago | Activity of Rugmi malware loader spikes
CERT-EU | a year ago | 'Muddled Libra' Uses Oktapus-Related Smishing to Target Outsourcing Firms
CERT-EU | a year ago | The Alarming Rise of Infostealers: How to Detect this Silent Threat
CERT-EU | 10 months ago | Effects of ISP Ransomware Attack in Colombia | #ransomware | #cybercrime | National Cyber Security Consulting