Overview

overview

10

Static

static

a1258215f1...58.exe

windows7_x64

10

a1258215f1...58.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a1258215f15369899c548101c8fcd1fbf6560719608c1af3bdd6fb47ecac2b84-20210518-052158

  • Size

    560KB

  • Sample

    210518-c5shzzagvx

  • MD5

    9fbd17d1b7f7b5d9b918c7cb6c2a7056

  • SHA1

    a0b231cfe1bc6ad637cac650a2ba70be6848a245

  • SHA256

    a1258215f15369899c548101c8fcd1fbf6560719608c1af3bdd6fb47ecac2b84

  • SHA512

    96ec5a9f4186b5e1aa438dcb7cc609d4815606b97fb08084e4f044ff98f92e45c1a6cd820db5995176739b066204771b05676f88b2d3b1c05fae3f2981bbcb3c

Score
10/10
raccoonc46f13f8aadc028907d65c627fd9163161661f6cstealer

Malware Config

Extracted

Family

raccoon

Botnet

c46f13f8aadc028907d65c627fd9163161661f6c

Attributes
  • url4cnc

    https://telete.in/capibar

rc4.plain
rc4.plain

Targets

    • Target

      a1258215f15369899c548101c8fcd1fbf6560719608c1af3bdd6fb47ecac2b84-20210518-052158

    • Size

      560KB

    • MD5

      9fbd17d1b7f7b5d9b918c7cb6c2a7056

    • SHA1

      a0b231cfe1bc6ad637cac650a2ba70be6848a245

    • SHA256

      a1258215f15369899c548101c8fcd1fbf6560719608c1af3bdd6fb47ecac2b84

    • SHA512

      96ec5a9f4186b5e1aa438dcb7cc609d4815606b97fb08084e4f044ff98f92e45c1a6cd820db5995176739b066204771b05676f88b2d3b1c05fae3f2981bbcb3c

    Score
    10/10
    raccoonc46f13f8aadc028907d65c627fd9163161661f6cstealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks