raccoon | 55041cb629a271f21482a96b3f51462de3264783a01e3300f93966704e6e2243 | Triage

Sharing

General

Target

55041cb629a271f21482a96b3f51462de3264783a01e3300f93966704e6e2243
Size

534KB
Sample

211108-m5d8yahaem
MD5

34de2b2b0b76a53335dd58f0ced684ff
SHA1

4f90040afaec7585679e8b1cb474dee564e3635a
SHA256

55041cb629a271f21482a96b3f51462de3264783a01e3300f93966704e6e2243
SHA512

c4508868dd4612fe75209456b17f3109d117d7c193096a41dec7d23712b48e2d63cef0a3f99a11938711ea1a49dbec2995e415030d7731c896a5f2771eac30c4

Score

10^/10

raccoon 243f5e3056753d9f9706258dce4f79e57c3a9c44 stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3

Botnet

243f5e3056753d9f9706258dce4f79e57c3a9c44

Attributes

url4cnc
http://178.23.190.57/agrybirdsgamerept
http://91.219.236.162/agrybirdsgamerept
http://185.163.47.176/agrybirdsgamerept
http://193.38.54.238/agrybirdsgamerept
http://74.119.192.122/agrybirdsgamerept
http://91.219.236.240/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  55041cb629a271f21482a96b3f51462de3264783a01e3300f93966704e6e2243
- Size
  
  534KB
- MD5
  
  34de2b2b0b76a53335dd58f0ced684ff
- SHA1
  
  4f90040afaec7585679e8b1cb474dee564e3635a
- SHA256
  
  55041cb629a271f21482a96b3f51462de3264783a01e3300f93966704e6e2243
- SHA512
  
  c4508868dd4612fe75209456b17f3109d117d7c193096a41dec7d23712b48e2d63cef0a3f99a11938711ea1a49dbec2995e415030d7731c896a5f2771eac30c4
Score

10^/10

raccoon 243f5e3056753d9f9706258dce4f79e57c3a9c44 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon243f5e3056753d9f9706258dce4f79e57c3a9c44stealer