raccoon | 40c3d5058ab04c16dc3c106275aa66e1eceb746c50e445b6a59bf6fc0493354c | Triage

Sharing

General

Target

MIX3h1_20211027-004540
Size

465KB
Sample

211026-2tsdraadc3
MD5

926177c7f6c851ace0278847d3d5ebff
SHA1

154950bd5402fbde8984df5f876ed109c698fac1
SHA256

40c3d5058ab04c16dc3c106275aa66e1eceb746c50e445b6a59bf6fc0493354c
SHA512

416ab1aa2a1d58898078883bb5b6d1bf86c08da1b8ccb68fde70d03e8f70a79d7f126ecf4b5b6119aea3f09b4c1bb20086781ea8f2f490b8ce89c5d655212432

Score

10^/10

raccoon 187e8d46623768b376fedb48580157fafedb4942 stealer

Malware Config

Extracted

Family

raccoon

Botnet

187e8d46623768b376fedb48580157fafedb4942

Attributes

url4cnc
http://telegin.top/frombobu98s
http://ttmirror.top/frombobu98s
http://teletele.top/frombobu98s
http://telegalive.top/frombobu98s
http://toptelete.top/frombobu98s
http://telegraf.top/frombobu98s
https://t.me/frombobu98s

rc4.plain

rc4.plain

Targets

- Target
  
  MIX3h1_20211027-004540
- Size
  
  465KB
- MD5
  
  926177c7f6c851ace0278847d3d5ebff
- SHA1
  
  154950bd5402fbde8984df5f876ed109c698fac1
- SHA256
  
  40c3d5058ab04c16dc3c106275aa66e1eceb746c50e445b6a59bf6fc0493354c
- SHA512
  
  416ab1aa2a1d58898078883bb5b6d1bf86c08da1b8ccb68fde70d03e8f70a79d7f126ecf4b5b6119aea3f09b4c1bb20086781ea8f2f490b8ce89c5d655212432
Score

10^/10

raccoon 187e8d46623768b376fedb48580157fafedb4942 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon187e8d46623768b376fedb48580157fafedb4942stealer

behavioral2

raccoon187e8d46623768b376fedb48580157fafedb4942stealer