Raccoon Stealer

Overview

Raccoon Stealer is a prominent Malware-as-a-Service (MaaS) infostealer that targets credentials, cryptocurrency wallets, and sensitive data. After a brief hiatus in 2022 following the arrest of its main developer, Raccoon v2 emerged with improved capabilities and remains one of the most popular stealers on underground markets.

Also Known As

Raccoon, RaccoonStealer, Raccoon v2

How It Spreads

• • Phishing emails with malicious Office documents
• • Fake cracked software and game mods
• • Exploit kits on compromised websites
• • Malvertising campaigns
• • Trojanized legitimate software

What It Does

• • Steals browser credentials and autofill data
• • Extracts credit card information from browsers
• • Harvests cryptocurrency wallet data (50+ wallet types)
• • Captures screenshots and system information
• • Steals email client and FTP credentials
• • Exfiltrates Steam, Discord, and Telegram data

Target Platforms

Windows 7, Windows 10, Windows 11

Detection Tips

• • Monitor for processes accessing multiple browser credential stores
• • Alert on rapid sequential file access to known wallet paths
• • Detect DLL injection into browser processes
• • Watch for connections to known Raccoon C2 infrastructure
• • Monitor for suspicious PowerShell downloading executables

MITRE ATT&CK Techniques

T1555, T1539, T1113, T1005, T1071.001