raccoon | 66371cf1cf1ac4a101cf4beacfbe00035f7ea2ecb7674d79bfceec34937c22ed | Triage

Sharing

General

Target

mixazed_20210604-150917
Size

555KB
Sample

210604-v7aww3k1a2
MD5

62070cc23ba860995b41f6e03541bfcf
SHA1

f8454f7bafd043b8335d8aa7fd0baff7fc418cf7
SHA256

66371cf1cf1ac4a101cf4beacfbe00035f7ea2ecb7674d79bfceec34937c22ed
SHA512

6af5046e61e658f08f0885b705ea788d720f4da80e011b1b7f91f58dc2641113f4d310e211d3a6146ba0138cd455c0d304769838807c2ea7316ad917f71439d8

Score

10^/10

raccoon 28198d4512d0cf31c204eddceb4471d79950b588 stealer

Malware Config

Extracted

Family

raccoon

Botnet

28198d4512d0cf31c204eddceb4471d79950b588

Attributes

url4cnc
https://tttttt.me/capibar

rc4.plain

rc4.plain

Targets

- Target
  
  mixazed_20210604-150917
- Size
  
  555KB
- MD5
  
  62070cc23ba860995b41f6e03541bfcf
- SHA1
  
  f8454f7bafd043b8335d8aa7fd0baff7fc418cf7
- SHA256
  
  66371cf1cf1ac4a101cf4beacfbe00035f7ea2ecb7674d79bfceec34937c22ed
- SHA512
  
  6af5046e61e658f08f0885b705ea788d720f4da80e011b1b7f91f58dc2641113f4d310e211d3a6146ba0138cd455c0d304769838807c2ea7316ad917f71439d8
Score

10^/10

raccoon 28198d4512d0cf31c204eddceb4471d79950b588 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon28198d4512d0cf31c204eddceb4471d79950b588stealer

behavioral2

raccoon28198d4512d0cf31c204eddceb4471d79950b588stealer