Overview

overview

10

Static

static

79238aca12...9b.exe

windows7_x64

10

79238aca12...9b.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    79238aca12644a0b66a1e42bab4ddf9b.exe

  • Size

    481KB

  • Sample

    211106-s1wv3sefe3

  • MD5

    79238aca12644a0b66a1e42bab4ddf9b

  • SHA1

    69e8f2444e95aad9294cbf15ff9d6c799e3bb92c

  • SHA256

    18766c4e4e8161f71cfcb98a700ad53866a75d29fb67898e866e0bbc0d95bba8

  • SHA512

    528bb72726f7d33ed945c23660e2a97e54f127ada047c0d8d625be4ab909ff02b16ce0809e96950119ecebb30ef0e381caa982ad325b52d29f96536419482e0e

Score
10/10
raccoon243f5e3056753d9f9706258dce4f79e57c3a9c44stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3

Botnet

243f5e3056753d9f9706258dce4f79e57c3a9c44

Attributes
  • url4cnc

    http://178.23.190.57/agrybirdsgamerept

    http://91.219.236.162/agrybirdsgamerept

    http://185.163.47.176/agrybirdsgamerept

    http://193.38.54.238/agrybirdsgamerept

    http://74.119.192.122/agrybirdsgamerept

    http://91.219.236.240/agrybirdsgamerept

rc4.plain
rc4.plain

Targets

    • Target

      79238aca12644a0b66a1e42bab4ddf9b.exe

    • Size

      481KB

    • MD5

      79238aca12644a0b66a1e42bab4ddf9b

    • SHA1

      69e8f2444e95aad9294cbf15ff9d6c799e3bb92c

    • SHA256

      18766c4e4e8161f71cfcb98a700ad53866a75d29fb67898e866e0bbc0d95bba8

    • SHA512

      528bb72726f7d33ed945c23660e2a97e54f127ada047c0d8d625be4ab909ff02b16ce0809e96950119ecebb30ef0e381caa982ad325b52d29f96536419482e0e

    Score
    10/10
    raccoon243f5e3056753d9f9706258dce4f79e57c3a9c44stealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks