raccoon | d864d21e1a90dbca2f833e57b71c34291d01956c750454afc1a688fa1a8becc7 | Triage

Sharing

General

Target

d864d21e1a90dbca2f833e57b71c34291d01956c750454afc1a688fa1a8becc7
Size

481KB
Sample

211106-xcmdyscdgj
MD5

e9bf787cd9460ea9648aa46f648d76e9
SHA1

b22846669b3c9acea83954f448fa1afeb05379a4
SHA256

d864d21e1a90dbca2f833e57b71c34291d01956c750454afc1a688fa1a8becc7
SHA512

b7612c4b04bf2a5ec7629e5da9cb54733a7c3ad78ed5973c97d259fd341b06d8899c3aa60fe909a9221e3e2e1d20b7aac622738b8a873298e853f98620d8ee3a

Score

10^/10

raccoon 243f5e3056753d9f9706258dce4f79e57c3a9c44 stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3

Botnet

243f5e3056753d9f9706258dce4f79e57c3a9c44

Attributes

url4cnc
http://178.23.190.57/agrybirdsgamerept
http://91.219.236.162/agrybirdsgamerept
http://185.163.47.176/agrybirdsgamerept
http://193.38.54.238/agrybirdsgamerept
http://74.119.192.122/agrybirdsgamerept
http://91.219.236.240/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  d864d21e1a90dbca2f833e57b71c34291d01956c750454afc1a688fa1a8becc7
- Size
  
  481KB
- MD5
  
  e9bf787cd9460ea9648aa46f648d76e9
- SHA1
  
  b22846669b3c9acea83954f448fa1afeb05379a4
- SHA256
  
  d864d21e1a90dbca2f833e57b71c34291d01956c750454afc1a688fa1a8becc7
- SHA512
  
  b7612c4b04bf2a5ec7629e5da9cb54733a7c3ad78ed5973c97d259fd341b06d8899c3aa60fe909a9221e3e2e1d20b7aac622738b8a873298e853f98620d8ee3a
Score

10^/10

raccoon 243f5e3056753d9f9706258dce4f79e57c3a9c44 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon243f5e3056753d9f9706258dce4f79e57c3a9c44stealer