raccoon | 7924ab50084e33902ddc1cf3eda4ad2ede752ece4e6c113fff01ca1633f77a5e | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

7924ab50084e33902ddc1cf3eda4ad2ede752ece4e6c113fff01ca1633f77a5e
Size

1.8MB
Sample

211110-qn6teaecan
MD5

e3a09969194309cfee0dc7129e80d005
SHA1

e90a7adca20f5bdc6650600af144f8a160daa28f
SHA256

7924ab50084e33902ddc1cf3eda4ad2ede752ece4e6c113fff01ca1633f77a5e
SHA512

a87db6bbe49b727e55fb2c0cd50cfcf1268a968580cfe5a784fd6c5ff3b97190ea597f5a0577c5d7e4331a2065d80ac40aebc9964ab45d50c6e6a4b8343cce4b

Score

10^/10

raccoon 65d90e36e3587fb188a3d819652094e85ff22e28 agilenet stealer

Static task

static1

Behavioral task

behavioral1

Sample

7924ab50084e33902ddc1cf3eda4ad2ede752ece4e6c113fff01ca1633f77a5e.exe

Resource

win10-en-20211014

raccoon 65d90e36e3587fb188a3d819652094e85ff22e28 agilenet stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

65d90e36e3587fb188a3d819652094e85ff22e28

Attributes

url4cnc
http://178.23.190.57/redhe1r2
http://91.219.236.162/redhe1r2
http://185.163.47.176/redhe1r2
http://193.38.54.238/redhe1r2
http://74.119.192.122/redhe1r2
http://91.219.236.240/redhe1r2
https://t.me/redhe1r2

rc4.plain

rc4.plain

Targets

- Target
  
  7924ab50084e33902ddc1cf3eda4ad2ede752ece4e6c113fff01ca1633f77a5e
- Size
  
  1.8MB
- MD5
  
  e3a09969194309cfee0dc7129e80d005
- SHA1
  
  e90a7adca20f5bdc6650600af144f8a160daa28f
- SHA256
  
  7924ab50084e33902ddc1cf3eda4ad2ede752ece4e6c113fff01ca1633f77a5e
- SHA512
  
  a87db6bbe49b727e55fb2c0cd50cfcf1268a968580cfe5a784fd6c5ff3b97190ea597f5a0577c5d7e4331a2065d80ac40aebc9964ab45d50c6e6a4b8343cce4b
Score

10^/10

raccoon 65d90e36e3587fb188a3d819652094e85ff22e28 agilenet stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon65d90e36e3587fb188a3d819652094e85ff22e28agilenetstealer

© 2018-2024

Terms | Privacy