raccoon | 81fafd7864aff9c218af9d3f9771756b5d1140562d356a201a4e7e8195091dbf | Triage

Sharing

General

Target

81fafd7864aff9c218af9d3f9771756b5d1140562d356a201a4e7e8195091dbf
Size

584KB
Sample

211111-zb7plshcap
MD5

4f5ba907fb7eded6df1f11d4f0cca37c
SHA1

b62e01c7c755bc5817704a94784f82af26cd6d8d
SHA256

81fafd7864aff9c218af9d3f9771756b5d1140562d356a201a4e7e8195091dbf
SHA512

1705a9e15562f72b33dcc82ec25ba20347c361dffb6b975496e985212040adc1e939e6ea1d64110c729e9fe0a26a741476451b364e13987ffd0e04e2c020d7ea

Score

10^/10

raccoon 4557a7b982bafcd677193713fa5041fa32e7e61e stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

4557a7b982bafcd677193713fa5041fa32e7e61e

Attributes

url4cnc
http://91.219.236.162/agrybirdsgamerept
http://185.163.47.176/agrybirdsgamerept
http://193.38.54.238/agrybirdsgamerept
http://74.119.192.122/agrybirdsgamerept
http://91.219.236.240/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  81fafd7864aff9c218af9d3f9771756b5d1140562d356a201a4e7e8195091dbf
- Size
  
  584KB
- MD5
  
  4f5ba907fb7eded6df1f11d4f0cca37c
- SHA1
  
  b62e01c7c755bc5817704a94784f82af26cd6d8d
- SHA256
  
  81fafd7864aff9c218af9d3f9771756b5d1140562d356a201a4e7e8195091dbf
- SHA512
  
  1705a9e15562f72b33dcc82ec25ba20347c361dffb6b975496e985212040adc1e939e6ea1d64110c729e9fe0a26a741476451b364e13987ffd0e04e2c020d7ea
Score

10^/10

raccoon 4557a7b982bafcd677193713fa5041fa32e7e61e stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon4557a7b982bafcd677193713fa5041fa32e7e61estealer