raccoon | f43ac01f55aaa2bee8774e6fffc1743e94d9194a99427119899df6a905f2d528 | Triage

Sharing

General

Target

f43ac01f55aaa2bee8774e6fffc1743e94d9194a99427119899df6a905f2d528
Size

425KB
Sample

211102-sx4rhshcan
MD5

f732af1f1088ffc33e807c2fa7317512
SHA1

8c91e59ebe7ea96a956ed13b6306f1efbb3a09d3
SHA256

f43ac01f55aaa2bee8774e6fffc1743e94d9194a99427119899df6a905f2d528
SHA512

1135c0d552c8fab6323082718ac77ebe19a39d2cc9c66275fd6f233941d6612ee8b7e797bd1ae991287fc2c7379e66fbb43f71e91de0acdb5eaffb978223b181

Score

10^/10

raccoon 68e2d75238f7c69859792d206401b6bde2b2515c stealer

Malware Config

Extracted

Family

raccoon

Botnet

68e2d75238f7c69859792d206401b6bde2b2515c

Attributes

url4cnc
http://telegalive.top/agrybirdsgamerept
http://toptelete.top/agrybirdsgamerept
http://telegraf.top/agrybirdsgamerept
https://t.me/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  f43ac01f55aaa2bee8774e6fffc1743e94d9194a99427119899df6a905f2d528
- Size
  
  425KB
- MD5
  
  f732af1f1088ffc33e807c2fa7317512
- SHA1
  
  8c91e59ebe7ea96a956ed13b6306f1efbb3a09d3
- SHA256
  
  f43ac01f55aaa2bee8774e6fffc1743e94d9194a99427119899df6a905f2d528
- SHA512
  
  1135c0d552c8fab6323082718ac77ebe19a39d2cc9c66275fd6f233941d6612ee8b7e797bd1ae991287fc2c7379e66fbb43f71e91de0acdb5eaffb978223b181
Score

10^/10

raccoon 68e2d75238f7c69859792d206401b6bde2b2515c stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon68e2d75238f7c69859792d206401b6bde2b2515cstealer