raccoon | 9adfe66778bc95da83c1f0375ef57e5e9f8fcf91cb51b7ee397b7086789028d5 | Triage

Sharing

General

Target

9adfe66778bc95da83c1f0375ef57e5e9f8fcf91cb51b7ee397b7086789028d5
Size

547KB
Sample

211107-rjzd7sfegp
MD5

f744d2c946fc12ed561d2e22507113de
SHA1

0c64f31935eb539fc0fa6573c255a0c6f1a4d569
SHA256

9adfe66778bc95da83c1f0375ef57e5e9f8fcf91cb51b7ee397b7086789028d5
SHA512

edbcc1d656c7db748fd4c27a47e45660072198783b5fa7c15ae8328dfaf4ab639b7b0b5e83a08fdebc5d49113641ec14347e84c6b20a3093647e0c8604e65aab

Score

10^/10

raccoon 243f5e3056753d9f9706258dce4f79e57c3a9c44 stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3

Botnet

243f5e3056753d9f9706258dce4f79e57c3a9c44

Attributes

url4cnc
http://178.23.190.57/agrybirdsgamerept
http://91.219.236.162/agrybirdsgamerept
http://185.163.47.176/agrybirdsgamerept
http://193.38.54.238/agrybirdsgamerept
http://74.119.192.122/agrybirdsgamerept
http://91.219.236.240/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  9adfe66778bc95da83c1f0375ef57e5e9f8fcf91cb51b7ee397b7086789028d5
- Size
  
  547KB
- MD5
  
  f744d2c946fc12ed561d2e22507113de
- SHA1
  
  0c64f31935eb539fc0fa6573c255a0c6f1a4d569
- SHA256
  
  9adfe66778bc95da83c1f0375ef57e5e9f8fcf91cb51b7ee397b7086789028d5
- SHA512
  
  edbcc1d656c7db748fd4c27a47e45660072198783b5fa7c15ae8328dfaf4ab639b7b0b5e83a08fdebc5d49113641ec14347e84c6b20a3093647e0c8604e65aab
Score

10^/10

raccoon 243f5e3056753d9f9706258dce4f79e57c3a9c44 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon243f5e3056753d9f9706258dce4f79e57c3a9c44stealer