Raccoon Stealer is Back with a New Version

Date 2022. 06. 17

Executive Summary

  • On March 25, 2022, the operator of Raccoon Stealer, who was active on a dark web forum, temporarily suspended their activities because a key developer died in the Russia-Ukraine War.
  • On May 17, 2022, the operator mentioned that the development of a new version of the stealer was completed, and uploaded details of changes, improvements, and prices to their Telegram channel.
  • On June 9, 2022, the operator resumed activities on the dark web forum where they had been active and posted a comment asking that inquiries about Raccoon Stealer V2 be sent via Telegram.
  • During deep & dark web monitoring, we confirmed that stealer log files generated by Raccoon Stealer V2 have already begun to be traded and shared among cybercriminals.
  • Based on what has been confirmed so far, we estimate that attacks using V2 started in earnest in June, after the testing period.
  • We obtained and analyzed a Raccoon Stealer V2 sample and confirmed that, although many parts were changed, there are no significant differences in the overall execution flow.
  • We judge that V2 will continue to be updated, given its unfinished code compared to V1 and functions such as analysis interruption.
  • Currently, V2 is distributed in the same way as V1, disguised as cracked software. However, now that the stealer has been updated to V2, continuous monitoring is required to see whether the distribution method changes in the future.