[ Tool ] Raccoon Stealer 27.03.2023



Leviathan

Moderator
Jul 12, 2023

What is a Raccoon Stealer?

Raccoon Stealer is an example of malware that specializes in stealing sensitive information from infected computers. Once installed, Raccoon can collect a wide range of data, including browser history, passwords, cookies, credit card information, and cryptocurrency wallet information. This information is then sent to a remote server controlled by the malware operators.

[Image: raccoon-1-panel.webp]

Raccoon has been involved in numerous high-profile attacks on organizations worldwide. Its success is partly due to its use of advanced anti-detection techniques, such as sandbox bypass and code obfuscation, making it difficult for security researchers to analyze and detect it. In addition, the malware is constantly evolving. It can work as standalone or complementary malware, and the developers of this malware publish extensive messages on relevant forums where they advertise their brainchild.

[Image: raccoon-2-panel.webp]

How does it work?

In addition to its primary purpose, Raccoon Stealer can act as a downloader, making it versatile for downloading specific files to a victim's system and using a botnet of Raccoon-infected PCs. Furthermore, each malware sample is uniquely built, making it difficult for security tools to detect. Although both versions use base64 encoding, version 2 includes RC4 encryption with a hard-coded decryption key in the malware executable. The new version also inserts several pieces of unnecessary code into the malware code, making reverse-engineering analysis difficult. In addition, the malware requires additional dynamic link libraries, which it receives from the command and control server during the initial data exchange to decrypt and save data.

The latest version of Raccoon Stealer has a packaging and encryption feature by default. In contrast, the previous version did not have these detection protections. In addition, the new version includes anti-VM and anti-sandboxing features. However, despite the implementation of these measures, there were cases where the latest version arrived on target systems in unpacked form, indicating that it is possible to disable these features when generating samples.


C2 communication

Raccoon Stealer uses a predefined list of IP addresses to connect to its command and control server. However, the way these IP addresses are obtained differs between the first and second versions: the first version of Raccoon Stealer sent a request to the Telegram messenger and got a list of C2 addresses from there. The new version contains a list of hardcoded C2 addresses, which is added at the stage of malware generation. When Raccoon Stealer first contacts the command and control server, it receives DLLs and configuration files. The malware then resets the collected information and sends a POST request with the parameters bot_id and config_id. The libraries of the first version are slightly different from the second.

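A defender-side check that follows from the C2 description above, as an added example that is not code from this post or from Raccoon Stealer itself: it scans proxy log lines for POST requests carrying both bot_id and config_id, whether in the form body or the query string, and groups hits by destination so the suspected C2 host and the clients reporting to it can be listed. The log format, the addresses and the bot_id/config_id values are all constructed for the example.

```python
"""Flag Raccoon Stealer v2-style check-ins (POST with bot_id + config_id) in proxy logs."""
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in an assumed space-separated proxy format:
#   timestamp client_ip method url "url-encoded-body"
# Documentation IPs (RFC 5737) and made-up IDs; nothing here is a real indicator.
SAMPLE_LOG = """\
2023-07-12T09:14:02Z 10.0.5.21 POST http://203.0.113.10/ "bot_id=BOT-A&config_id=CFG-1"
2023-07-12T09:14:05Z 10.0.5.21 GET http://203.0.113.10/sqlite3.dll ""
2023-07-12T09:15:40Z 10.0.5.37 POST http://203.0.113.10/ "config_id=CFG-1&bot_id=BOT-B"
2023-07-12T09:16:11Z 10.0.5.42 POST https://crm.example.com/api/update "config_id=42&name=foo"
2023-07-12T09:17:00Z 10.0.5.50 POST http://198.51.100.7/gate?bot_id=BOT-C&config_id=CFG-9 ""
2023-07-12T09:18:00Z 10.0.5.51 POST http://intranet.example.com/upload "file=report.pdf"
"""

# Both parameters must be present; either one alone is common in ordinary web apps.
BEACON_PARAMS = ("bot_id", "config_id")


def parse_line(line):
    """Split one log line into its fields; the body is the last, quoted field."""
    parts = line.split(" ", 4)
    if len(parts) != 5:
        return None  # malformed or truncated line: skip rather than guess
    ts, client, method, url, body = parts
    return {"ts": ts, "client": client, "method": method.upper(),
            "url": url, "body": body.strip().strip('"')}


def request_params(url, body):
    """Merge query-string and form-body parameters, keeping the first value of each."""
    merged = {}
    for raw in (urlsplit(url).query, body):
        for key, values in parse_qs(raw, keep_blank_values=True).items():
            merged.setdefault(key, values[0])
    return merged


def is_checkin(rec):
    """True only for a POST that carries every beacon parameter, in any order."""
    if rec["method"] != "POST":
        return False
    params = request_params(rec["url"], rec["body"])
    return all(p in params for p in BEACON_PARAMS)


def scan(log_text):
    """Return one hit record per suspected check-in found in the log text."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_checkin(rec):
            params = request_params(rec["url"], rec["body"])
            hits.append({"ts": rec["ts"], "client": rec["client"],
                         "host": urlsplit(rec["url"]).hostname,
                         "bot_id": params["bot_id"],
                         "config_id": params["config_id"]})
    return hits


def summarize(hits):
    """Map each suspected C2 host to the sorted bot_ids that reported to it."""
    by_host = defaultdict(set)
    for h in hits:
        by_host[h["host"]].add(h["bot_id"])
    return {host: sorted(ids) for host, ids in by_host.items()}


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f'{h["ts"]} {h["client"]} -> {h["host"]} '
              f'bot_id={h["bot_id"]} config_id={h["config_id"]}')
    print(summarize(found))
```

The GET for a DLL from the same host right after the first POST matches the initial exchange the post describes and is a useful pivot once a host is flagged, but it is deliberately not used as a signal on its own.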
 
niceeee
 
good
 
reallyy goodd mann ttyty
 
good man i was searching that and now i lov u
 
great
 
Thanks
 
thx
 