raccoon | ee27087d49f9a94d2d1d1a5ec18b9ec7053e0c821a80c6b6472850ea7bfac39b | Triage

Sharing

General

Target

ee27087d49f9a94d2d1d1a5ec18b9ec7053e0c821a80c6b6472850ea7bfac39b
Size

424KB
Sample

211102-qdstssceh6
MD5

a27f2aeaba229ebfa0954135358f137a
SHA1

75892fc2cf3230f78d5929b1476e2d5fe43b02f1
SHA256

ee27087d49f9a94d2d1d1a5ec18b9ec7053e0c821a80c6b6472850ea7bfac39b
SHA512

7bd1cbb14fb365451ecb94bc201d8fa34ef13dd2df17b3b24e0c274dc760a8f2c2c5379b32e51160c4bfb36b18cd437edd171a3d8b125b759aa89ad201a32ba4

Score

10^/10

raccoon 68e2d75238f7c69859792d206401b6bde2b2515c stealer

Malware Config

Extracted

Family

raccoon

Botnet

68e2d75238f7c69859792d206401b6bde2b2515c

Attributes

url4cnc
http://telegalive.top/agrybirdsgamerept
http://toptelete.top/agrybirdsgamerept
http://telegraf.top/agrybirdsgamerept
https://t.me/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  ee27087d49f9a94d2d1d1a5ec18b9ec7053e0c821a80c6b6472850ea7bfac39b
- Size
  
  424KB
- MD5
  
  a27f2aeaba229ebfa0954135358f137a
- SHA1
  
  75892fc2cf3230f78d5929b1476e2d5fe43b02f1
- SHA256
  
  ee27087d49f9a94d2d1d1a5ec18b9ec7053e0c821a80c6b6472850ea7bfac39b
- SHA512
  
  7bd1cbb14fb365451ecb94bc201d8fa34ef13dd2df17b3b24e0c274dc760a8f2c2c5379b32e51160c4bfb36b18cd437edd171a3d8b125b759aa89ad201a32ba4
Score

10^/10

raccoon 68e2d75238f7c69859792d206401b6bde2b2515c stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon68e2d75238f7c69859792d206401b6bde2b2515cstealer