General

  • Target

    840a9628f0b877320c144b9968a036be

  • Size

    1.2MB

  • Sample

    211115-z16hvagean

  • MD5

    840a9628f0b877320c144b9968a036be

  • SHA1

    ccbd1a391b1960eb818043e6d2e0b67601180dee

  • SHA256

    1a14097ff774fe463491a6c444a4bf3f7419433ebfc86b511757f2f336e44b3b

  • SHA512

    a62b5d6024b57f1b021b2e2873e56b1bf35d682110cc8ff04c2be944c0926084e13f4de6ab6f4f99a30d13f6c4cb2a433960df123159b2aae3782e074dbca27d

Malware Config

Extracted

  • Family

    raccoon

  • Version

    1.8.3-hotfix

  • Botnet

    65d90e36e3587fb188a3d819652094e85ff22e28

  • Attributes

    url4cnc

    http://178.23.190.57/redhe1r2

    http://91.219.236.162/redhe1r2

    http://185.163.47.176/redhe1r2

    http://193.38.54.238/redhe1r2

    http://74.119.192.122/redhe1r2

    http://91.219.236.240/redhe1r2

    https://t.me/redhe1r2

  • rc4.plain

  • rc4.plain

Targets

    • Target

      840a9628f0b877320c144b9968a036be

    • Size

      1.2MB

    • MD5

      840a9628f0b877320c144b9968a036be

    • SHA1

      ccbd1a391b1960eb818043e6d2e0b67601180dee

    • SHA256

      1a14097ff774fe463491a6c444a4bf3f7419433ebfc86b511757f2f336e44b3b

    • SHA512

      a62b5d6024b57f1b021b2e2873e56b1bf35d682110cc8ff04c2be944c0926084e13f4de6ab6f4f99a30d13f6c4cb2a433960df123159b2aae3782e074dbca27d

    • Raccoon

      Simple but powerful infostealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks