raccoon | cebead3cb42f021d0bcaa4727ee361cb95047626490ed5fccf99b7b4f215483c | Triage

Sharing

General

Target

cebead3cb42f021d0bcaa4727ee361cb95047626490ed5fccf99b7b4f215483c
Size

506KB
Sample

211027-dngs3aaee7
MD5

9bbe0ba70935af1f5811a3ad71293c29
SHA1

6ee7e00124a1caf434c9516d2928fbf6a0d83303
SHA256

cebead3cb42f021d0bcaa4727ee361cb95047626490ed5fccf99b7b4f215483c
SHA512

ea2a2f92f4971d6b77893756e1d68e1c4570e277484979a99d34aac494b1fffdd5a172a10e4c2876d56ca9d6f16e40c557f2ad5408abc9e9f95fdfdc6d3c68de

Score

10^/10

raccoon 60e59be328fbd2ebac1839ea99411dccb00a6f49 stealer

Malware Config

Extracted

Family

raccoon

Botnet

60e59be328fbd2ebac1839ea99411dccb00a6f49

Attributes

url4cnc
http://telegin.top/agrybirdsgamerept
http://ttmirror.top/agrybirdsgamerept
http://teletele.top/agrybirdsgamerept
http://telegalive.top/agrybirdsgamerept
http://toptelete.top/agrybirdsgamerept
http://telegraf.top/agrybirdsgamerept
https://t.me/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  cebead3cb42f021d0bcaa4727ee361cb95047626490ed5fccf99b7b4f215483c
- Size
  
  506KB
- MD5
  
  9bbe0ba70935af1f5811a3ad71293c29
- SHA1
  
  6ee7e00124a1caf434c9516d2928fbf6a0d83303
- SHA256
  
  cebead3cb42f021d0bcaa4727ee361cb95047626490ed5fccf99b7b4f215483c
- SHA512
  
  ea2a2f92f4971d6b77893756e1d68e1c4570e277484979a99d34aac494b1fffdd5a172a10e4c2876d56ca9d6f16e40c557f2ad5408abc9e9f95fdfdc6d3c68de
Score

10^/10

raccoon 60e59be328fbd2ebac1839ea99411dccb00a6f49 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon60e59be328fbd2ebac1839ea99411dccb00a6f49stealer