raccoon

General

Target

db87677ad312306781794c4365db990432f30912aacb4ebb8cdd0f6975fda367
Size

255KB
Sample

211027-c9574saed5
MD5

aab39eca3fa0018c441f9d9cbbe73a01
SHA1

0ff9e9594d1d415bf0829371f6592b7af7ea29de
SHA256

db87677ad312306781794c4365db990432f30912aacb4ebb8cdd0f6975fda367
SHA512

d2c2b647cba6bacd18341a7cec801e2235a4b4263bae46f890791ca88a3eea0843da73873d44dbe8b6230fcee65748604cc843128817423c603e43d08fe01a8f

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://gejajoo7.top/

http://sysaheu9.top/

http://nusurtal4f.net/

http://netomishnetojuk.net/

http://escalivrouter.net/

http://nick22doom4.net/

http://wrioshtivsio.su/

http://nusotiso4.su/

http://rickkhtovkka.biz/

http://palisotoliso.net/

rc4.i32

Extracted

Family

redline

Botnet

11111

C2

93.115.20.139:28978

Extracted

Family

redline

Botnet

dksajdlkj32lkj13211211

C2

84.38.189.175:18214

Extracted

Family

vidar

Version

41.6

Botnet

754

C2

https://mas.to/@lilocc

Attributes

profile_id
754

Extracted

Family

raccoon

Botnet

60e59be328fbd2ebac1839ea99411dccb00a6f49

Attributes

url4cnc
http://telegin.top/agrybirdsgamerept
http://ttmirror.top/agrybirdsgamerept
http://teletele.top/agrybirdsgamerept
http://telegalive.top/agrybirdsgamerept
http://toptelete.top/agrybirdsgamerept
http://telegraf.top/agrybirdsgamerept
https://t.me/agrybirdsgamerept

rc4.plain

Targets

- Target
  
  db87677ad312306781794c4365db990432f30912aacb4ebb8cdd0f6975fda367
- Size
  
  255KB
- MD5
  
  aab39eca3fa0018c441f9d9cbbe73a01
- SHA1
  
  0ff9e9594d1d415bf0829371f6592b7af7ea29de
- SHA256
  
  db87677ad312306781794c4365db990432f30912aacb4ebb8cdd0f6975fda367
- SHA512
  
  d2c2b647cba6bacd18341a7cec801e2235a4b4263bae46f890791ca88a3eea0843da73873d44dbe8b6230fcee65748604cc843128817423c603e43d08fe01a8f
Score

10^/10

raccoon redline smokeloader vidar 11111 60e59be328fbd2ebac1839ea99411dccb00a6f49 754 dksajdlkj32lkj13211211 backdoor discovery infostealer spyware stealer trojan
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of NtCreateProcessExOtherParentProcess
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1