raccoon | 5c69bc614c6092798cecfa808358e97cda7c0ea53f30e1e124cb14b54cf9f1b0 | Triage

Sharing

General

Target

5c69bc614c6092798cecfa808358e97cda7c0ea53f30e1e124cb14b54cf9f1b0
Size

422KB
Sample

211207-m4wftsgghk
MD5

c58ab85e86005430cf8b4eb02d203271
SHA1

2a8c22a93cfaa5b52d70ccba5a86107dd7955673
SHA256

5c69bc614c6092798cecfa808358e97cda7c0ea53f30e1e124cb14b54cf9f1b0
SHA512

f6d0d607707b7b3b3b390053c16e60627f5f58329d060caa35513fe2af466a25124d3b89a3eb7d59cacecd1a86071788e9a6a1ccd9115a3f516c7327dab6f5ce

Score

10^/10

raccoon a2337059abb40b184e621b38e62ace3e1a158d50 stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

a2337059abb40b184e621b38e62ace3e1a158d50

Attributes

url4cnc
http://94.158.245.137/papatikmikr03
http://91.219.236.27/papatikmikr03
http://94.158.245.167/papatikmikr03
http://185.163.204.216/papatikmikr03
http://185.225.19.238/papatikmikr03
http://185.163.204.218/papatikmikr03
https://t.me/papatikmikr03

rc4.plain

rc4.plain

Targets

- Target
  
  5c69bc614c6092798cecfa808358e97cda7c0ea53f30e1e124cb14b54cf9f1b0
- Size
  
  422KB
- MD5
  
  c58ab85e86005430cf8b4eb02d203271
- SHA1
  
  2a8c22a93cfaa5b52d70ccba5a86107dd7955673
- SHA256
  
  5c69bc614c6092798cecfa808358e97cda7c0ea53f30e1e124cb14b54cf9f1b0
- SHA512
  
  f6d0d607707b7b3b3b390053c16e60627f5f58329d060caa35513fe2af466a25124d3b89a3eb7d59cacecd1a86071788e9a6a1ccd9115a3f516c7327dab6f5ce
Score

10^/10

raccoon a2337059abb40b184e621b38e62ace3e1a158d50 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

raccoona2337059abb40b184e621b38e62ace3e1a158d50stealer