raccoon | e55bf492977d01d54c58f6d1547ac044803317dc8f9bb667fc8a856c70ac187c | Triage

Sharing

General

Target

e55bf492977d01d54c58f6d1547ac044803317dc8f9bb667fc8a856c70ac187c
Size

431KB
Sample

211102-mtd4sscch7
MD5

cd4234c6c83a19af8613d3bdc54e1808
SHA1

fb2f5f2ce7820d23e3778e8182f2c2856fbe30cc
SHA256

e55bf492977d01d54c58f6d1547ac044803317dc8f9bb667fc8a856c70ac187c
SHA512

8548694502138de67d34e48affb3ab9ca5b49ee38575be93d7d0d5761a53d8741687d2b51bcc557074e42674d78342154beaaf65433e538d172e5a6f7f53aee5

Score

10^/10

raccoon 68e2d75238f7c69859792d206401b6bde2b2515c stealer

Malware Config

Extracted

Family

raccoon

Botnet

68e2d75238f7c69859792d206401b6bde2b2515c

Attributes

url4cnc
http://telegalive.top/agrybirdsgamerept
http://toptelete.top/agrybirdsgamerept
http://telegraf.top/agrybirdsgamerept
https://t.me/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  e55bf492977d01d54c58f6d1547ac044803317dc8f9bb667fc8a856c70ac187c
- Size
  
  431KB
- MD5
  
  cd4234c6c83a19af8613d3bdc54e1808
- SHA1
  
  fb2f5f2ce7820d23e3778e8182f2c2856fbe30cc
- SHA256
  
  e55bf492977d01d54c58f6d1547ac044803317dc8f9bb667fc8a856c70ac187c
- SHA512
  
  8548694502138de67d34e48affb3ab9ca5b49ee38575be93d7d0d5761a53d8741687d2b51bcc557074e42674d78342154beaaf65433e538d172e5a6f7f53aee5
Score

10^/10

raccoon 68e2d75238f7c69859792d206401b6bde2b2515c stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon68e2d75238f7c69859792d206401b6bde2b2515cstealer