raccoon | 2820898b2f7b07067f4873135fa66bff7315b29825ed11802eef98ddb934d171 | Triage

Submit
Reports

Overview

overview

Static

static

pago-caja.exe

windows7_x64

pago-caja.exe

windows10_x64

Sharing

General

Target

pago-caja.exe
Size

1.4MB
Sample

211109-p3gx6acchk
MD5

d17695e9c272d865d398592ac4b74623
SHA1

f41966de07ef6bf7dc4d96692b0be5a205e12cbc
SHA256

2820898b2f7b07067f4873135fa66bff7315b29825ed11802eef98ddb934d171
SHA512

d9f91726a10445c190de19a50d63b61fb5cbd23aa66bac2ac828e22ee342b27e7506ddd13a02dead48a7ae4d0043bb26e0e7e70152984ce1bad1847b7e2676e3

Score

10^/10

raccoon b9c565b379143847a46237403a5da448d32935f8 agilenet stealer

Static task

static1

Behavioral task

behavioral1

Sample

pago-caja.exe

Resource

win7-en-20211014

raccoon b9c565b379143847a46237403a5da448d32935f8 agilenet stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

pago-caja.exe

Resource

win10-en-20211104

raccoon b9c565b379143847a46237403a5da448d32935f8 agilenet stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

b9c565b379143847a46237403a5da448d32935f8

Attributes

url4cnc
http://91.219.236.162/ogaollebro1
http://185.163.47.176/ogaollebro1
http://193.38.54.238/ogaollebro1
http://74.119.192.122/ogaollebro1
http://91.219.236.240/ogaollebro1
https://t.me/ogaollebro1

rc4.plain

rc4.plain

Targets

- Target
  
  pago-caja.exe
- Size
  
  1.4MB
- MD5
  
  d17695e9c272d865d398592ac4b74623
- SHA1
  
  f41966de07ef6bf7dc4d96692b0be5a205e12cbc
- SHA256
  
  2820898b2f7b07067f4873135fa66bff7315b29825ed11802eef98ddb934d171
- SHA512
  
  d9f91726a10445c190de19a50d63b61fb5cbd23aa66bac2ac828e22ee342b27e7506ddd13a02dead48a7ae4d0043bb26e0e7e70152984ce1bad1847b7e2676e3
Score

10^/10

raccoon b9c565b379143847a46237403a5da448d32935f8 agilenet stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoonb9c565b379143847a46237403a5da448d32935f8agilenetstealer

behavioral2

raccoonb9c565b379143847a46237403a5da448d32935f8agilenetstealer

© 2018-2024

Terms | Privacy