raccoon | cedfb307ac3290314d7e6d4e029ba8ace955e4645a92ab60992bcfeb217b79ed | Triage

Sharing

General

Target

cedfb307ac3290314d7e6d4e029ba8ace955e4645a92ab60992bcfeb217b79ed
Size

547KB
Sample

211108-fk8hqagedp
MD5

69e7dfe5893e18f5b395ce796546a220
SHA1

ba5e5f7aa4c36271d3f06468be62773a87ec0c73
SHA256

cedfb307ac3290314d7e6d4e029ba8ace955e4645a92ab60992bcfeb217b79ed
SHA512

087b666b58e7940f6db721cb25cae3aafc1e3605c1564bf5036ed1a6236a9609344f96c9f550a2924bc8a412ba95f9d510ed69ab08d2eeaa0f5ea0fc86efca59

Score

10^/10

raccoon 243f5e3056753d9f9706258dce4f79e57c3a9c44 stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3

Botnet

243f5e3056753d9f9706258dce4f79e57c3a9c44

Attributes

url4cnc
http://178.23.190.57/agrybirdsgamerept
http://91.219.236.162/agrybirdsgamerept
http://185.163.47.176/agrybirdsgamerept
http://193.38.54.238/agrybirdsgamerept
http://74.119.192.122/agrybirdsgamerept
http://91.219.236.240/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  cedfb307ac3290314d7e6d4e029ba8ace955e4645a92ab60992bcfeb217b79ed
- Size
  
  547KB
- MD5
  
  69e7dfe5893e18f5b395ce796546a220
- SHA1
  
  ba5e5f7aa4c36271d3f06468be62773a87ec0c73
- SHA256
  
  cedfb307ac3290314d7e6d4e029ba8ace955e4645a92ab60992bcfeb217b79ed
- SHA512
  
  087b666b58e7940f6db721cb25cae3aafc1e3605c1564bf5036ed1a6236a9609344f96c9f550a2924bc8a412ba95f9d510ed69ab08d2eeaa0f5ea0fc86efca59
Score

10^/10

raccoon 243f5e3056753d9f9706258dce4f79e57c3a9c44 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon243f5e3056753d9f9706258dce4f79e57c3a9c44stealer