raccoon | 1dd39f2643a1235a2bd8a49433009a435f8e813ad94be3228105ec8f4b497acc | Triage

Sharing

General

Target

NewVersion_release_0.7.1_free-Cleaned.exe
Size

309KB
Sample

211129-w6kxjsffb2
MD5

14afffe492bc25bd8e12646856ecb377
SHA1

531475b6f0abb973c8dd4b44878aa2055239b1b3
SHA256

1dd39f2643a1235a2bd8a49433009a435f8e813ad94be3228105ec8f4b497acc
SHA512

046e9327427757102a45a20b4e9e5bb4236e45a5b837f38a6ae43b31a79e68f94d7b7d8f401bf65a836cd47d67e5f474d31a5c142c81ccd8d20565df633b8e52

Score

10^/10

raccoon 2b57df1b9672fee319e2dc39c0f6a5bc1eef79f4 stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

2b57df1b9672fee319e2dc39c0f6a5bc1eef79f4

Attributes

url4cnc
http://91.219.236.207/forestbump12
http://185.225.19.18/forestbump12
http://91.219.237.227/forestbump12
https://t.me/forestbump12

rc4.plain

rc4.plain

Targets

- Target
  
  NewVersion_release_0.7.1_free-Cleaned.exe
- Size
  
  309KB
- MD5
  
  14afffe492bc25bd8e12646856ecb377
- SHA1
  
  531475b6f0abb973c8dd4b44878aa2055239b1b3
- SHA256
  
  1dd39f2643a1235a2bd8a49433009a435f8e813ad94be3228105ec8f4b497acc
- SHA512
  
  046e9327427757102a45a20b4e9e5bb4236e45a5b837f38a6ae43b31a79e68f94d7b7d8f401bf65a836cd47d67e5f474d31a5c142c81ccd8d20565df633b8e52
Score

10^/10

raccoon 2b57df1b9672fee319e2dc39c0f6a5bc1eef79f4 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

raccoon2b57df1b9672fee319e2dc39c0f6a5bc1eef79f4stealer

behavioral2

raccoon2b57df1b9672fee319e2dc39c0f6a5bc1eef79f4stealer