raccoon | be4c0e3a5025c1cb1a5a4c17321a8412f2599ea5fa6c942c2339479e74a336af | Triage

Sharing

General

Target

b716ef0649230524ec8117ad8ea7b909.exe
Size

424KB
Sample

211103-ydek6sefe4
MD5

b716ef0649230524ec8117ad8ea7b909
SHA1

9fb2745944a6a323196e76063d030ce40979a404
SHA256

be4c0e3a5025c1cb1a5a4c17321a8412f2599ea5fa6c942c2339479e74a336af
SHA512

e211ffc897ada42890bcb9e27b847647f52e3ecbe7562ca626ba5fbd61c00b3f00761a30668243ed904e63631fffab54023ef03b52fd1601ee5c8812f8818044

Score

10^/10

raccoon 68e2d75238f7c69859792d206401b6bde2b2515c stealer

Malware Config

Extracted

Family

raccoon

Botnet

68e2d75238f7c69859792d206401b6bde2b2515c

Attributes

url4cnc
http://telegalive.top/agrybirdsgamerept
http://toptelete.top/agrybirdsgamerept
http://telegraf.top/agrybirdsgamerept
https://t.me/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  b716ef0649230524ec8117ad8ea7b909.exe
- Size
  
  424KB
- MD5
  
  b716ef0649230524ec8117ad8ea7b909
- SHA1
  
  9fb2745944a6a323196e76063d030ce40979a404
- SHA256
  
  be4c0e3a5025c1cb1a5a4c17321a8412f2599ea5fa6c942c2339479e74a336af
- SHA512
  
  e211ffc897ada42890bcb9e27b847647f52e3ecbe7562ca626ba5fbd61c00b3f00761a30668243ed904e63631fffab54023ef03b52fd1601ee5c8812f8818044
Score

10^/10

raccoon 68e2d75238f7c69859792d206401b6bde2b2515c stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon68e2d75238f7c69859792d206401b6bde2b2515cstealer

behavioral2

raccoon68e2d75238f7c69859792d206401b6bde2b2515cstealer