raccoon | 17f034d82769b0c4477038efab7264cf527325f9988f5da5765e7556c7b512da | Triage

Sharing

General

Target

d076c82fc9fea2b41942c4d547353c46.exe
Size

566KB
Sample

211114-h7tn7agae6
MD5

d076c82fc9fea2b41942c4d547353c46
SHA1

93a8104dddf984fc72e387b324cd8e0bf56a66f3
SHA256

17f034d82769b0c4477038efab7264cf527325f9988f5da5765e7556c7b512da
SHA512

8762b4f14af830b44237380cfe7ba89754817516a27635b74c472bf3f2adbb199d1079d09d3910530f8d3f958e6282d5e93469c2a8392d2f67f4e5b41cdd422a

Score

10^/10

raccoon 675718a5f2ce6d3cacf6cb04a512f5637eae995f stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

675718a5f2ce6d3cacf6cb04a512f5637eae995f

Attributes

url4cnc
http://91.219.236.27/agrybirdsgamerept
http://5.181.156.92/agrybirdsgamerept
http://91.219.236.207/agrybirdsgamerept
http://185.225.19.18/agrybirdsgamerept
http://91.219.237.227/agrybirdsgamerept
http://185.163.47.176/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  d076c82fc9fea2b41942c4d547353c46.exe
- Size
  
  566KB
- MD5
  
  d076c82fc9fea2b41942c4d547353c46
- SHA1
  
  93a8104dddf984fc72e387b324cd8e0bf56a66f3
- SHA256
  
  17f034d82769b0c4477038efab7264cf527325f9988f5da5765e7556c7b512da
- SHA512
  
  8762b4f14af830b44237380cfe7ba89754817516a27635b74c472bf3f2adbb199d1079d09d3910530f8d3f958e6282d5e93469c2a8392d2f67f4e5b41cdd422a
Score

10^/10

raccoon 675718a5f2ce6d3cacf6cb04a512f5637eae995f stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon675718a5f2ce6d3cacf6cb04a512f5637eae995fstealer

behavioral2

raccoon675718a5f2ce6d3cacf6cb04a512f5637eae995fstealer