raccoon | 77a28b993e27b8249fa5463748ed15cf0a513402a25bbd72fc00b96fd321e674 | Triage

Sharing

General

Target

77a28b993e27b8249fa5463748ed15cf0a513402a25bbd72fc00b96fd321e674
Size

500KB
Sample

211114-k77l6adbdp
MD5

d513e817da5fbce634ed9609ca78e589
SHA1

95c8614b7c7a709a278a45ae3b7579c9c167ea54
SHA256

77a28b993e27b8249fa5463748ed15cf0a513402a25bbd72fc00b96fd321e674
SHA512

49055ea2137dd1ef65ce8a8932a109c6f06a0ea6bd3fecf3e1c52aabc5dc6cc998b45fef4f030bc3f76e1d25f201f005dbb968e1ea29be7719fd6fb6f413d63a

Score

10^/10

raccoon 675718a5f2ce6d3cacf6cb04a512f5637eae995f stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

675718a5f2ce6d3cacf6cb04a512f5637eae995f

Attributes

url4cnc
http://91.219.236.27/agrybirdsgamerept
http://5.181.156.92/agrybirdsgamerept
http://91.219.236.207/agrybirdsgamerept
http://185.225.19.18/agrybirdsgamerept
http://91.219.237.227/agrybirdsgamerept
http://185.163.47.176/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  77a28b993e27b8249fa5463748ed15cf0a513402a25bbd72fc00b96fd321e674
- Size
  
  500KB
- MD5
  
  d513e817da5fbce634ed9609ca78e589
- SHA1
  
  95c8614b7c7a709a278a45ae3b7579c9c167ea54
- SHA256
  
  77a28b993e27b8249fa5463748ed15cf0a513402a25bbd72fc00b96fd321e674
- SHA512
  
  49055ea2137dd1ef65ce8a8932a109c6f06a0ea6bd3fecf3e1c52aabc5dc6cc998b45fef4f030bc3f76e1d25f201f005dbb968e1ea29be7719fd6fb6f413d63a
Score

10^/10

raccoon 675718a5f2ce6d3cacf6cb04a512f5637eae995f stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon675718a5f2ce6d3cacf6cb04a512f5637eae995fstealer