raccoon | ee6a1e4c8a5381d2f848cc3cf000ce21431d9479740a07d32638c9c6a50e6fcc | Triage

Sharing

General

Target

ee6a1e4c8a5381d2f848cc3cf000ce21431d9479740a07d32638c9c6a50e6fcc
Size

533KB
Sample

211108-lzm38abfh2
MD5

a056fafc86c0a8cffd016ad6883695e1
SHA1

28af57210237b0475e00b4eabb0c9dcd07c1d47f
SHA256

ee6a1e4c8a5381d2f848cc3cf000ce21431d9479740a07d32638c9c6a50e6fcc
SHA512

428287ee89bbea841b26f2a85c051a0515c46677cfd54fbd1a6206a18bbb91da74bffb48c6bcbb77c347429125b9f07d5b20f92af52683240e084ba4ae7b36c1

Score

10^/10

raccoon 243f5e3056753d9f9706258dce4f79e57c3a9c44 stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3

Botnet

243f5e3056753d9f9706258dce4f79e57c3a9c44

Attributes

url4cnc
http://178.23.190.57/agrybirdsgamerept

http://91.219.236.162/agrybirdsgamerept

http://185.163.47.176/agrybirdsgamerept

http://193.38.54.238/agrybirdsgamerept

http://74.119.192.122/agrybirdsgamerept

http://91.219.236.240/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  ee6a1e4c8a5381d2f848cc3cf000ce21431d9479740a07d32638c9c6a50e6fcc
- Size
  
  533KB
- MD5
  
  a056fafc86c0a8cffd016ad6883695e1
- SHA1
  
  28af57210237b0475e00b4eabb0c9dcd07c1d47f
- SHA256
  
  ee6a1e4c8a5381d2f848cc3cf000ce21431d9479740a07d32638c9c6a50e6fcc
- SHA512
  
  428287ee89bbea841b26f2a85c051a0515c46677cfd54fbd1a6206a18bbb91da74bffb48c6bcbb77c347429125b9f07d5b20f92af52683240e084ba4ae7b36c1
Score

10^/10

raccoon 243f5e3056753d9f9706258dce4f79e57c3a9c44 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon243f5e3056753d9f9706258dce4f79e57c3a9c44stealer