raccoon | 69243f2c8b6d86ebe83580d0717b7faecac3b60c7a5ea0b5bfd606df6d09f559 | Triage

Sharing

General

Target

69243f2c8b6d86ebe83580d0717b7faecac3b60c7a5ea0b5bfd606df6d09f559
Size

584KB
Sample

211111-29x9yaccg3
MD5

13ae9a4e03e5dee5ba5d127c190d9183
SHA1

9f62f00b53ddec2b56f8f00caa4df6e790a5b9a9
SHA256

69243f2c8b6d86ebe83580d0717b7faecac3b60c7a5ea0b5bfd606df6d09f559
SHA512

ef08ba4bc9ab58b6899735153a8bf09f28e840336263e06f833b013d78cdf5f40a500c270def995b66ecd2ee24437100a6372d7f881942477df8c09f9882ec48

Score

10^/10

raccoon 4557a7b982bafcd677193713fa5041fa32e7e61e stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

4557a7b982bafcd677193713fa5041fa32e7e61e

Attributes

url4cnc
http://91.219.236.162/agrybirdsgamerept
http://185.163.47.176/agrybirdsgamerept
http://193.38.54.238/agrybirdsgamerept
http://74.119.192.122/agrybirdsgamerept
http://91.219.236.240/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  69243f2c8b6d86ebe83580d0717b7faecac3b60c7a5ea0b5bfd606df6d09f559
- Size
  
  584KB
- MD5
  
  13ae9a4e03e5dee5ba5d127c190d9183
- SHA1
  
  9f62f00b53ddec2b56f8f00caa4df6e790a5b9a9
- SHA256
  
  69243f2c8b6d86ebe83580d0717b7faecac3b60c7a5ea0b5bfd606df6d09f559
- SHA512
  
  ef08ba4bc9ab58b6899735153a8bf09f28e840336263e06f833b013d78cdf5f40a500c270def995b66ecd2ee24437100a6372d7f881942477df8c09f9882ec48
Score

10^/10

raccoon 4557a7b982bafcd677193713fa5041fa32e7e61e stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon4557a7b982bafcd677193713fa5041fa32e7e61estealer