raccoon | f72fabdff727c452defb44ae3e61733d4ec7b6348596222561414967cdfb5670 | Triage

Sharing

General

Target

f72fabdff727c452defb44ae3e61733d4ec7b6348596222561414967cdfb5670
Size

472KB
Sample

211110-tfstcseeep
MD5

4f963ab9064021b3a9139129ad188a3e
SHA1

e4a7cca5763604847bda45c3468802089e0290ca
SHA256

f72fabdff727c452defb44ae3e61733d4ec7b6348596222561414967cdfb5670
SHA512

7d658761f8eaf50d098c3ead613cfdd826e410ea50eedb0793790f158a230908aaced413ff5c973a3aa00989371e92709015be20d28d3f46a1a33cc2f08da0ad

Score

10^/10

raccoon fcdc156d3872c18d25e3ee45499599b45e492a67 stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

fcdc156d3872c18d25e3ee45499599b45e492a67

Attributes

url4cnc
http://178.23.190.57/rino115sipsip
http://91.219.236.162/rino115sipsip
http://185.163.47.176/rino115sipsip
http://193.38.54.238/rino115sipsip
http://74.119.192.122/rino115sipsip
http://91.219.236.240/rino115sipsip
https://t.me/rino115sipsip

rc4.plain

rc4.plain

Targets

- Target
  
  f72fabdff727c452defb44ae3e61733d4ec7b6348596222561414967cdfb5670
- Size
  
  472KB
- MD5
  
  4f963ab9064021b3a9139129ad188a3e
- SHA1
  
  e4a7cca5763604847bda45c3468802089e0290ca
- SHA256
  
  f72fabdff727c452defb44ae3e61733d4ec7b6348596222561414967cdfb5670
- SHA512
  
  7d658761f8eaf50d098c3ead613cfdd826e410ea50eedb0793790f158a230908aaced413ff5c973a3aa00989371e92709015be20d28d3f46a1a33cc2f08da0ad
Score

10^/10

raccoon fcdc156d3872c18d25e3ee45499599b45e492a67 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoonfcdc156d3872c18d25e3ee45499599b45e492a67stealer