raccoon

General

Target

da93edd6f9253ee5e77d344bb8ae52a44b2f6712ce36032bcc9b4fb11a2ee075
Size

249KB
Sample

211204-j1xmyaafgm
MD5

008c95d71696a7fef933e0141e8a32a9
SHA1

cbb5d6badd03f47cc64b81be85a00c2524056961
SHA256

da93edd6f9253ee5e77d344bb8ae52a44b2f6712ce36032bcc9b4fb11a2ee075
SHA512

3a1c2adec3b816989677881d370ea76b665bbad4880fecae5b2bf226335489ded7826b8b8b8548a24a637ed3328262f594f29767e282210be93e2a3bc40793e6

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

049dc5184bb65eb56e4e860bf61427e2a0fcba1e

Attributes

url4cnc
http://185.225.19.18/duglassa1
http://91.219.237.227/duglassa1
https://t.me/duglassa1

rc4.plain

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

b620be4c85b4051a92040003edbc322be4eb082d

Attributes

url4cnc
http://91.219.236.207/capibar
http://185.225.19.18/capibar
http://91.219.237.227/capibar
https://t.me/capibar

rc4.plain

Targets

- Target
  
  da93edd6f9253ee5e77d344bb8ae52a44b2f6712ce36032bcc9b4fb11a2ee075
- Size
  
  249KB
- MD5
  
  008c95d71696a7fef933e0141e8a32a9
- SHA1
  
  cbb5d6badd03f47cc64b81be85a00c2524056961
- SHA256
  
  da93edd6f9253ee5e77d344bb8ae52a44b2f6712ce36032bcc9b4fb11a2ee075
- SHA512
  
  3a1c2adec3b816989677881d370ea76b665bbad4880fecae5b2bf226335489ded7826b8b8b8548a24a637ed3328262f594f29767e282210be93e2a3bc40793e6
Score

10^/10

raccoon redline smokeloader 049dc5184bb65eb56e4e860bf61427e2a0fcba1e b620be4c85b4051a92040003edbc322be4eb082d backdoor discovery infostealer spyware stealer suricata trojan
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of NtCreateProcessExOtherParentProcess
- suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
  suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1