raccoon | 95ef178ea7ab7c2420efddee508c99ed923b9f597a845ee52c12225982b529ca | Triage

Sharing

General

Target

95ef178ea7ab7c2420efddee508c99ed923b9f597a845ee52c12225982b529ca
Size

482KB
Sample

211106-ym4xescgdl
MD5

981e48a453de46a239832d797defa7ab
SHA1

b291cb97491985a5a8958e7be28475e6df35acc5
SHA256

95ef178ea7ab7c2420efddee508c99ed923b9f597a845ee52c12225982b529ca
SHA512

627f9c6a870ddffc05d5c70bfdb555a6372aecf101704850a32f26cbca6505a5d815349671598f60da0cd1ab9cc877c5ff131a3a9f0bf0464ae7cf20e0b6d121

Score

10^/10

raccoon 243f5e3056753d9f9706258dce4f79e57c3a9c44 stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3

Botnet

243f5e3056753d9f9706258dce4f79e57c3a9c44

Attributes

url4cnc
http://178.23.190.57/agrybirdsgamerept
http://91.219.236.162/agrybirdsgamerept
http://185.163.47.176/agrybirdsgamerept
http://193.38.54.238/agrybirdsgamerept
http://74.119.192.122/agrybirdsgamerept
http://91.219.236.240/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  95ef178ea7ab7c2420efddee508c99ed923b9f597a845ee52c12225982b529ca
- Size
  
  482KB
- MD5
  
  981e48a453de46a239832d797defa7ab
- SHA1
  
  b291cb97491985a5a8958e7be28475e6df35acc5
- SHA256
  
  95ef178ea7ab7c2420efddee508c99ed923b9f597a845ee52c12225982b529ca
- SHA512
  
  627f9c6a870ddffc05d5c70bfdb555a6372aecf101704850a32f26cbca6505a5d815349671598f60da0cd1ab9cc877c5ff131a3a9f0bf0464ae7cf20e0b6d121
Score

10^/10

raccoon 243f5e3056753d9f9706258dce4f79e57c3a9c44 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon243f5e3056753d9f9706258dce4f79e57c3a9c44stealer