raccoon | 7d40cd75b9999824311161e2c1c9dda0dc2382f31eaa1f67d23726e6f0c54516 | Triage

Sharing

General

Target

7d40cd75b9999824311161e2c1c9dda0dc2382f31eaa1f67d23726e6f0c54516
Size

500KB
Sample

211114-hbdyvsfhh8
MD5

6de3280bc033a0486647ffb8111ed2da
SHA1

7055a18318e3e6e131487205d2b1b9e62485eae7
SHA256

7d40cd75b9999824311161e2c1c9dda0dc2382f31eaa1f67d23726e6f0c54516
SHA512

24b309d89e9a74a5c407b9e665196e7ae4f061aa6ef968a4800305b497b10aa09b90e99c91e05737cfd81b0b35840727b7df1721f7a9ea4ae5e48855ef3e5abe

Score

10^/10

raccoon 675718a5f2ce6d3cacf6cb04a512f5637eae995f stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

675718a5f2ce6d3cacf6cb04a512f5637eae995f

Attributes

url4cnc
http://91.219.236.27/agrybirdsgamerept
http://5.181.156.92/agrybirdsgamerept
http://91.219.236.207/agrybirdsgamerept
http://185.225.19.18/agrybirdsgamerept
http://91.219.237.227/agrybirdsgamerept
http://185.163.47.176/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  7d40cd75b9999824311161e2c1c9dda0dc2382f31eaa1f67d23726e6f0c54516
- Size
  
  500KB
- MD5
  
  6de3280bc033a0486647ffb8111ed2da
- SHA1
  
  7055a18318e3e6e131487205d2b1b9e62485eae7
- SHA256
  
  7d40cd75b9999824311161e2c1c9dda0dc2382f31eaa1f67d23726e6f0c54516
- SHA512
  
  24b309d89e9a74a5c407b9e665196e7ae4f061aa6ef968a4800305b497b10aa09b90e99c91e05737cfd81b0b35840727b7df1721f7a9ea4ae5e48855ef3e5abe
Score

10^/10

raccoon 675718a5f2ce6d3cacf6cb04a512f5637eae995f stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon675718a5f2ce6d3cacf6cb04a512f5637eae995fstealer