raccoon | 1ab9efe111695feb17f05926de8835c34526f4b6bad37524d13642cbb61edce2 | Triage

Sharing

General

Target

1ab9efe111695feb17f05926de8835c34526f4b6bad37524d13642cbb61edce2
Size

448KB
Sample

211112-y28h6abbcn
MD5

6c243d736f527bfd101861cbb89b1f92
SHA1

0a70009e9c62d68a8fcd0e41a1c356b1f550c60a
SHA256

1ab9efe111695feb17f05926de8835c34526f4b6bad37524d13642cbb61edce2
SHA512

399895a0af406915a8e8200de6b9513dfef49f19120fe3dbb4e47cdb95590f5f298add0beed1c02f80881a9214ce688e868000554a14b9b5d3abae57bb9fc21a

Score

10^/10

raccoon 4557a7b982bafcd677193713fa5041fa32e7e61e stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

4557a7b982bafcd677193713fa5041fa32e7e61e

Attributes

url4cnc
http://91.219.236.162/agrybirdsgamerept
http://185.163.47.176/agrybirdsgamerept
http://193.38.54.238/agrybirdsgamerept
http://74.119.192.122/agrybirdsgamerept
http://91.219.236.240/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  1ab9efe111695feb17f05926de8835c34526f4b6bad37524d13642cbb61edce2
- Size
  
  448KB
- MD5
  
  6c243d736f527bfd101861cbb89b1f92
- SHA1
  
  0a70009e9c62d68a8fcd0e41a1c356b1f550c60a
- SHA256
  
  1ab9efe111695feb17f05926de8835c34526f4b6bad37524d13642cbb61edce2
- SHA512
  
  399895a0af406915a8e8200de6b9513dfef49f19120fe3dbb4e47cdb95590f5f298add0beed1c02f80881a9214ce688e868000554a14b9b5d3abae57bb9fc21a
Score

10^/10

raccoon 4557a7b982bafcd677193713fa5041fa32e7e61e stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon4557a7b982bafcd677193713fa5041fa32e7e61estealer