Demo Video Transcription
“In this video, we will demonstrate the features of Raccoon, an infostealer offered as a Malware-as-a-Service (MaaS) for criminals. It has the ability to collect the victim’s passwords, cookies, autofill data from all popular browsers, credit card data, cryptocurrency wallets, and more. Typically, it appears as a pirated or cracked version of legitimate software.
In this demo video, we have configured our machine in audit-only mode, so we can execute the same sample we analyzed in more detail on our recent deep-dive Threat Thursday blog for this threat.
Upon execution, you can see how Raccoon is oriented to be a silent malware that does not appear to affect the regular user experience. One of its main features is the ability to run most of its data collection process from memory; with our Memory Protection module we are able to intercept this behavior.
If we conduct some root-cause analysis on this event, we can quickly see the process that occurs behind the scenes in memory.
First, it makes a series of DNS requests for its command-and-control server (C2), and as soon as it establishes a connection, it migrates into operating system (OS) processes.
Right after that, it starts looking for credential information on any installed Internet browsers as well as collecting information to fingerprint the system, identify running processes, and more.
Administrators can configure BlackBerry Optics’ automated response within our Context-Analysis Engine (CAE) to proactively respond to each one of these tactics, techniques and procedures (TTPs) and stop this threat in the earliest stage possible.
We can also intercept memory access with our Memory Protection module on BlackBerry Protect, but nothing beats our Temporal Predictive Advantage, which allows us to prevent these threats from executing in a matter of milliseconds – with no reliance on cloud connectivity or frequent virus-signature updates.
Let's travel back in time to 2015 (using a Cylance® AI math model not updated since 2015) and test this sample, along with an additional 60+ samples of Raccoon to see what could have happened. We will execute a loop to go ahead and try to execute each file inside this folder.
As you can see, BlackBerry® Protect powered by Cylance AI could have prevented all these variants many years before they ever existed.
Prevention is Possible, with BlackBerry.”
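The transcript describes a behavioural chain (DNS lookups for the C2, migration into another process, then reads of browser credential stores) that a defender can correlate from endpoint telemetry independently of any vendor product. The following script is an added example, not code from the video or from BlackBerry; the event schema, process names, PIDs, domain and file paths are constructed for illustration. It follows injection links back to the originating process and raises an alert only when that origin resolved a DNS name before a credential store was read by an injected-into process or by an image that is not the browser owning the store, so a browser reading its own stores or a backup tool copying them without network activity does not fire.

```python
"""Correlate constructed endpoint telemetry for the infostealer chain
DNS lookup -> process injection -> browser credential-store read.
Added example; schema and sample values are assumptions, not captured data."""
from dataclasses import dataclass

# File names of browser credential and cookie stores (Chromium and Firefox families).
CREDENTIAL_STORES = ("Login Data", "Cookies", "Web Data",
                     "logins.json", "cookies.sqlite", "key4.db")

# Path fragment identifying the store family -> browser image that legitimately owns it.
STORE_OWNERS = {
    "\\Google\\Chrome\\": "chrome.exe",
    "\\Microsoft\\Edge\\": "msedge.exe",
    "\\Mozilla\\Firefox\\": "firefox.exe",
}


@dataclass
class Event:
    ts: int
    pid: int
    image: str
    kind: str     # "dns_query" | "process_inject" | "file_read" | "process_enum"
    detail: str   # queried name, target pid, or file path


@dataclass
class Alert:
    ts: int
    pid: int
    image: str
    origin_pid: int
    path: str
    reason: str


def is_credential_store(path):
    return path.rsplit("\\", 1)[-1] in CREDENTIAL_STORES


def owner_of(path):
    """Browser image that owns this store, or None if the family is unknown."""
    for marker, image in STORE_OWNERS.items():
        if marker in path:
            return image
    return None


def correlate(events):
    """Return alerts for credential-store reads whose originating process
    resolved a DNS name earlier and that were performed either from an
    injected-into process or by an image that does not own the store."""
    dns_seen = set()   # pids that issued a DNS query
    origin = {}        # injected-into pid -> injecting pid
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "dns_query":
            dns_seen.add(ev.pid)
        elif ev.kind == "process_inject":
            origin[int(ev.detail)] = ev.pid
        elif ev.kind == "file_read" and is_credential_store(ev.detail):
            root = ev.pid
            while root in origin:          # walk injection links back to the source
                root = origin[root]
            if root not in dns_seen:
                continue                   # no prior C2-style resolution: not this chain
            reasons = []
            if root != ev.pid:
                reasons.append(f"read from a process injected into by pid {root}")
            if owner_of(ev.detail) not in (None, ev.image.lower()):
                reasons.append("reader is not the browser that owns the store")
            if reasons:
                alerts.append(Alert(ev.ts, ev.pid, ev.image, root, ev.detail,
                                    "DNS resolution preceded read; " + "; ".join(reasons)))
    return alerts


# Constructed sample telemetry (hypothetical pids, images and paths).
CHROME_DIR = r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default"
SAMPLE_EVENTS = [
    Event(1, 4120, "setup_crack.exe", "dns_query", "c2.example.invalid"),
    Event(2, 4120, "setup_crack.exe", "process_inject", "5300"),
    Event(3, 5300, "explorer.exe", "file_read", CHROME_DIR + r"\Login Data"),
    Event(4, 5300, "explorer.exe", "file_read", CHROME_DIR + r"\Cookies"),
    Event(5, 5300, "explorer.exe", "process_enum", "CreateToolhelp32Snapshot"),
    Event(6, 7000, "chrome.exe", "dns_query", "www.example.com"),
    Event(7, 7000, "chrome.exe", "file_read", CHROME_DIR + r"\Login Data"),  # benign
    Event(8, 8100, "backup.exe", "file_read",
          r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\p\logins.json"),  # benign
]

if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(f"t={a.ts} pid={a.pid} ({a.image}) origin={a.origin_pid} {a.path}: {a.reason}")
```

Against the constructed events only the two reads performed by the injected-into explorer.exe are flagged, both attributed back to the original dropper pid; the browser reading its own store and the backup tool reading Firefox's store without prior DNS activity are ignored.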