raccoon | f7066f5159f83c1266329e7e8bf27abe5fa6f481da98e3b31c3f8e3cc1af7f06 | Triage

Sharing

General

Target

3b62e9c30b398554f476147d4386f2c6
Size

591KB
Sample

211029-3medzsahgk
MD5

3b62e9c30b398554f476147d4386f2c6
SHA1

7d45a88064af2c0f161bc682eba5244168ee1554
SHA256

f7066f5159f83c1266329e7e8bf27abe5fa6f481da98e3b31c3f8e3cc1af7f06
SHA512

a689b6669291240ec859eac2eb9f71796b00a24eef93e823d51211fd375c77fe3eae147e97671281d73152dfdf0d3ae0a79b399ed8a691436ee8229c3b463c14

Score

10^/10

raccoon b176c5fe76fc027de7ad67f52792266419904252 stealer

Malware Config

Extracted

Family

raccoon

Botnet

b176c5fe76fc027de7ad67f52792266419904252

Attributes

url4cnc
http://telegalive.top/hoverpattern31
http://toptelete.top/hoverpattern31
http://telegraf.top/hoverpattern31
https://t.me/hoverpattern31

rc4.plain

rc4.plain

Targets

- Target
  
  3b62e9c30b398554f476147d4386f2c6
- Size
  
  591KB
- MD5
  
  3b62e9c30b398554f476147d4386f2c6
- SHA1
  
  7d45a88064af2c0f161bc682eba5244168ee1554
- SHA256
  
  f7066f5159f83c1266329e7e8bf27abe5fa6f481da98e3b31c3f8e3cc1af7f06
- SHA512
  
  a689b6669291240ec859eac2eb9f71796b00a24eef93e823d51211fd375c77fe3eae147e97671281d73152dfdf0d3ae0a79b399ed8a691436ee8229c3b463c14
Score

10^/10

raccoon b176c5fe76fc027de7ad67f52792266419904252 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoonb176c5fe76fc027de7ad67f52792266419904252stealer

behavioral2

raccoonb176c5fe76fc027de7ad67f52792266419904252stealer