raccoon | 12b2a665de2adab975bfc5b96b9a4943bb6172c3b3f5c1331394145a4929dd19 | Triage

Sharing

General

Target

12b2a665de2adab975bfc5b96b9a4943bb6172c3b3f5c1331394145a4929dd19
Size

497KB
Sample

211110-jbxlmsdfhm
MD5

62eb93c30ab04fe541c1f2553a745169
SHA1

e8b986b761f31cea96fde37a9198e20182cbcc22
SHA256

12b2a665de2adab975bfc5b96b9a4943bb6172c3b3f5c1331394145a4929dd19
SHA512

11df95aad0c0ea3c2ac50527ca63d8ce9bd76b6dff56be5ce6f0adbb0e94c5bf2a3690c7add591efcf8d4f5f9dd291cbb504a8b0cdcc888c9a2265d65c4ee5f1

Score

10^/10

raccoon fcdc156d3872c18d25e3ee45499599b45e492a67 stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

fcdc156d3872c18d25e3ee45499599b45e492a67

Attributes

url4cnc
http://178.23.190.57/rino115sipsip
http://91.219.236.162/rino115sipsip
http://185.163.47.176/rino115sipsip
http://193.38.54.238/rino115sipsip
http://74.119.192.122/rino115sipsip
http://91.219.236.240/rino115sipsip
https://t.me/rino115sipsip

rc4.plain

rc4.plain

Targets

- Target
  
  12b2a665de2adab975bfc5b96b9a4943bb6172c3b3f5c1331394145a4929dd19
- Size
  
  497KB
- MD5
  
  62eb93c30ab04fe541c1f2553a745169
- SHA1
  
  e8b986b761f31cea96fde37a9198e20182cbcc22
- SHA256
  
  12b2a665de2adab975bfc5b96b9a4943bb6172c3b3f5c1331394145a4929dd19
- SHA512
  
  11df95aad0c0ea3c2ac50527ca63d8ce9bd76b6dff56be5ce6f0adbb0e94c5bf2a3690c7add591efcf8d4f5f9dd291cbb504a8b0cdcc888c9a2265d65c4ee5f1
Score

10^/10

raccoon fcdc156d3872c18d25e3ee45499599b45e492a67 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoonfcdc156d3872c18d25e3ee45499599b45e492a67stealer