raccoon | cfc3768cbc19e72ee4d54a18f6700e7f3fda452a901d3c1dae68ae4880edaf7d | Triage

Sharing

General

Target

cfc3768cbc19e72ee4d54a18f6700e7f3fda452a901d3c1dae68ae4880edaf7d
Size

534KB
Sample

211108-n6efrshbel
MD5

e2cbdf74ff9c8f936a4fb8c6b2a956fa
SHA1

7198d953db35dd67aaf70782a42029c1586fb5a8
SHA256

cfc3768cbc19e72ee4d54a18f6700e7f3fda452a901d3c1dae68ae4880edaf7d
SHA512

ebf4a320a38757e3a659575b489113f15c854a53d25ac10c235b58cd1e2c7cbdf96f51a0761aaccc1d209fbde1f1b641c643e032c5f05ffcb4f15917441f1b9d

Score

10^/10

raccoon fcdc156d3872c18d25e3ee45499599b45e492a67 stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

fcdc156d3872c18d25e3ee45499599b45e492a67

Attributes

url4cnc
http://178.23.190.57/rino115sipsip
http://91.219.236.162/rino115sipsip
http://185.163.47.176/rino115sipsip
http://193.38.54.238/rino115sipsip
http://74.119.192.122/rino115sipsip
http://91.219.236.240/rino115sipsip
https://t.me/rino115sipsip

rc4.plain

rc4.plain

Targets

- Target
  
  cfc3768cbc19e72ee4d54a18f6700e7f3fda452a901d3c1dae68ae4880edaf7d
- Size
  
  534KB
- MD5
  
  e2cbdf74ff9c8f936a4fb8c6b2a956fa
- SHA1
  
  7198d953db35dd67aaf70782a42029c1586fb5a8
- SHA256
  
  cfc3768cbc19e72ee4d54a18f6700e7f3fda452a901d3c1dae68ae4880edaf7d
- SHA512
  
  ebf4a320a38757e3a659575b489113f15c854a53d25ac10c235b58cd1e2c7cbdf96f51a0761aaccc1d209fbde1f1b641c643e032c5f05ffcb4f15917441f1b9d
Score

10^/10

raccoon fcdc156d3872c18d25e3ee45499599b45e492a67 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoonfcdc156d3872c18d25e3ee45499599b45e492a67stealer