raccoon | f631367f5fee5f8aa774d8ae228e604c9d4a84b044a5dc9d251852e089ca7e1c | Triage

Sharing

General

Target

f631367f5fee5f8aa774d8ae228e604c9d4a84b044a5dc9d251852e089ca7e1c
Size

474KB
Sample

211110-zamytaacb6
MD5

b899404aa9e6f80f7ed895d2faa431f8
SHA1

f66e947963a60f87e8965601decc3cdcc298dc2a
SHA256

f631367f5fee5f8aa774d8ae228e604c9d4a84b044a5dc9d251852e089ca7e1c
SHA512

aea51626d2d5ec84aadd5110ec317e648d664154eb57f462f182db908db8d60ee294b301a7fcffe112edf6a74046f3456a48d6828fc233cd3e5b10ce401e52db

Score

10^/10

raccoon fcdc156d3872c18d25e3ee45499599b45e492a67 stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

fcdc156d3872c18d25e3ee45499599b45e492a67

Attributes

url4cnc
http://178.23.190.57/rino115sipsip
http://91.219.236.162/rino115sipsip
http://185.163.47.176/rino115sipsip
http://193.38.54.238/rino115sipsip
http://74.119.192.122/rino115sipsip
http://91.219.236.240/rino115sipsip
https://t.me/rino115sipsip

rc4.plain

rc4.plain

Targets

- Target
  
  f631367f5fee5f8aa774d8ae228e604c9d4a84b044a5dc9d251852e089ca7e1c
- Size
  
  474KB
- MD5
  
  b899404aa9e6f80f7ed895d2faa431f8
- SHA1
  
  f66e947963a60f87e8965601decc3cdcc298dc2a
- SHA256
  
  f631367f5fee5f8aa774d8ae228e604c9d4a84b044a5dc9d251852e089ca7e1c
- SHA512
  
  aea51626d2d5ec84aadd5110ec317e648d664154eb57f462f182db908db8d60ee294b301a7fcffe112edf6a74046f3456a48d6828fc233cd3e5b10ce401e52db
Score

10^/10

raccoon fcdc156d3872c18d25e3ee45499599b45e492a67 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoonfcdc156d3872c18d25e3ee45499599b45e492a67stealer