raccoon | c57897485abec1f54b3f54c762777cd2b8fb09d79282388a8b30bb1216052361 | Triage

Sharing

General

Target

cfe698927cffa57588b0d86d1663f19a.exe
Size

586KB
Sample

211025-pmq6wsgbc5
MD5

cfe698927cffa57588b0d86d1663f19a
SHA1

19b67410923e589ad3a3c560e35b733e01fe40b2
SHA256

c57897485abec1f54b3f54c762777cd2b8fb09d79282388a8b30bb1216052361
SHA512

984b12091b376797d2350e9a10fe8b88de4c99815f6dd887d678384649bced4e3e89f65db05fc767e280c80bcea7f101ae399d38d7e8b6a9ab3c6a27ebcbb6b9

Score

10^/10

raccoon 7ebf9b416b72a203df65383eec899dc689d2c3d7 stealer

Malware Config

Extracted

Family

raccoon

Botnet

7ebf9b416b72a203df65383eec899dc689d2c3d7

Attributes

url4cnc
http://telegatt.top/agrybirdsgamerept
http://telegka.top/agrybirdsgamerept
http://telegin.top/agrybirdsgamerept
https://t.me/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  cfe698927cffa57588b0d86d1663f19a.exe
- Size
  
  586KB
- MD5
  
  cfe698927cffa57588b0d86d1663f19a
- SHA1
  
  19b67410923e589ad3a3c560e35b733e01fe40b2
- SHA256
  
  c57897485abec1f54b3f54c762777cd2b8fb09d79282388a8b30bb1216052361
- SHA512
  
  984b12091b376797d2350e9a10fe8b88de4c99815f6dd887d678384649bced4e3e89f65db05fc767e280c80bcea7f101ae399d38d7e8b6a9ab3c6a27ebcbb6b9
Score

10^/10

raccoon 7ebf9b416b72a203df65383eec899dc689d2c3d7 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon7ebf9b416b72a203df65383eec899dc689d2c3d7stealer

behavioral2

raccoon7ebf9b416b72a203df65383eec899dc689d2c3d7stealer