raccoon | b2cfcca54559fe12152b31db92c3344cbf9024df4f9ba0bf4bd1790c3963a779 | Triage

Sharing

General

Target

af65544517587aa92863c1c88f587e0c.exe
Size

585KB
Sample

211113-x28y9acdem
MD5

af65544517587aa92863c1c88f587e0c
SHA1

fa5813486fc38cedc1d7706eef79ee4f30892c94
SHA256

b2cfcca54559fe12152b31db92c3344cbf9024df4f9ba0bf4bd1790c3963a779
SHA512

e30637e7611871c5411efd27c1b0f89ec0d6d4188d0a535e0e99eae7e50659e86e2527640933c200be66e5bebf77f43cfedba13ea3c7cfaa1df0b84e4fd8dbf2

Score

10^/10

raccoon 7ebf9b416b72a203df65383eec899dc689d2c3d7 stealer

Malware Config

Extracted

Family

raccoon

Botnet

7ebf9b416b72a203df65383eec899dc689d2c3d7

Attributes

url4cnc
http://telegatt.top/agrybirdsgamerept
http://telegka.top/agrybirdsgamerept
http://telegin.top/agrybirdsgamerept
https://t.me/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  af65544517587aa92863c1c88f587e0c.exe
- Size
  
  585KB
- MD5
  
  af65544517587aa92863c1c88f587e0c
- SHA1
  
  fa5813486fc38cedc1d7706eef79ee4f30892c94
- SHA256
  
  b2cfcca54559fe12152b31db92c3344cbf9024df4f9ba0bf4bd1790c3963a779
- SHA512
  
  e30637e7611871c5411efd27c1b0f89ec0d6d4188d0a535e0e99eae7e50659e86e2527640933c200be66e5bebf77f43cfedba13ea3c7cfaa1df0b84e4fd8dbf2
Score

10^/10

raccoon 7ebf9b416b72a203df65383eec899dc689d2c3d7 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon7ebf9b416b72a203df65383eec899dc689d2c3d7stealer

behavioral2

raccoon7ebf9b416b72a203df65383eec899dc689d2c3d7stealer