raccoon | 2672df533124d3a1f58f06caccf8d56e77e8ce2c9f24f909aa69f465ae6b8871 | Triage

Sharing

General

Target

2672df533124d3a1f58f06caccf8d56e77e8ce2c9f24f909aa69f465ae6b8871
Size

500KB
Sample

211114-nmcg3adcbk
MD5

390f37e9d800eeefd843bb2a8c3b491c
SHA1

e7fa220b5e296dabe9e53c92b900f6e374394e99
SHA256

2672df533124d3a1f58f06caccf8d56e77e8ce2c9f24f909aa69f465ae6b8871
SHA512

83e15e28cb5e272d4c737bc46be2c681528b5d5fe3957ce261261a0fb8af75ea1f2543d66198abb7fecdbcd5b37f41bd2aa59631e7c0e3d9f171815b72679015

Score

10^/10

raccoon 675718a5f2ce6d3cacf6cb04a512f5637eae995f stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

675718a5f2ce6d3cacf6cb04a512f5637eae995f

Attributes

url4cnc
http://91.219.236.27/agrybirdsgamerept
http://5.181.156.92/agrybirdsgamerept
http://91.219.236.207/agrybirdsgamerept
http://185.225.19.18/agrybirdsgamerept
http://91.219.237.227/agrybirdsgamerept
http://185.163.47.176/agrybirdsgamerept

rc4.plain

rc4.plain

Targets

- Target
  
  2672df533124d3a1f58f06caccf8d56e77e8ce2c9f24f909aa69f465ae6b8871
- Size
  
  500KB
- MD5
  
  390f37e9d800eeefd843bb2a8c3b491c
- SHA1
  
  e7fa220b5e296dabe9e53c92b900f6e374394e99
- SHA256
  
  2672df533124d3a1f58f06caccf8d56e77e8ce2c9f24f909aa69f465ae6b8871
- SHA512
  
  83e15e28cb5e272d4c737bc46be2c681528b5d5fe3957ce261261a0fb8af75ea1f2543d66198abb7fecdbcd5b37f41bd2aa59631e7c0e3d9f171815b72679015
Score

10^/10

raccoon 675718a5f2ce6d3cacf6cb04a512f5637eae995f stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon675718a5f2ce6d3cacf6cb04a512f5637eae995fstealer