raccoon | 662f468a497f6283fb91cfeab700950164ec7be98245d217bb1570622d3f8f1f | Triage

Sharing

General

Target

8_00430000_002A000001~Rip.exe
Size

559KB
Sample

200808-7g4vajre7a
MD5

6861cce9622b99fa503f5e69b8aac8a1
SHA1

3a41bb30c5f63db859c8a395c3eb31de65686d2e
SHA256

662f468a497f6283fb91cfeab700950164ec7be98245d217bb1570622d3f8f1f
SHA512

2219f9987d80a24db19fe21b5a00f1e8b1c73a132e7c8bf8827703c340d14a6766ac9db6977ff4889cbd1bb301083936bcde659db70f459a2fe0adc45f8a2cbf

Score

10^/10

raccoon 63d65ff026f351f4131d52b2f874a80eaafc21e3 stealer

Malware Config

Extracted

Family

raccoon

Botnet

63d65ff026f351f4131d52b2f874a80eaafc21e3

Attributes

url4cnc
https://drive.google.com/uc?export=download&id=1M5gMGlOLtBmmH6czK6eBhSEpTqw_lu9y

rc4.plain

rc4.plain

Targets

- Target
  
  8_00430000_002A000001~Rip.exe
- Size
  
  559KB
- MD5
  
  6861cce9622b99fa503f5e69b8aac8a1
- SHA1
  
  3a41bb30c5f63db859c8a395c3eb31de65686d2e
- SHA256
  
  662f468a497f6283fb91cfeab700950164ec7be98245d217bb1570622d3f8f1f
- SHA512
  
  2219f9987d80a24db19fe21b5a00f1e8b1c73a132e7c8bf8827703c340d14a6766ac9db6977ff4889cbd1bb301083936bcde659db70f459a2fe0adc45f8a2cbf
Score

10^/10

stealer raccoon
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2