raccoon | 9f01d6660caba583e7ac2dbf9fac6ffed47576035e2b1aa9dd95ec6b59a3d04e | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

9f01d6660caba583e7ac2dbf9fac6ffed47576035e2b1aa9dd95ec6b59a3d04e
Size

1.0MB
Sample

220104-la97fsgab4
MD5

85dde45316f09ce3d63d43de2c729315
SHA1

f559f0b629440cdbfab32d2b6af878677f95a9e3
SHA256

9f01d6660caba583e7ac2dbf9fac6ffed47576035e2b1aa9dd95ec6b59a3d04e
SHA512

b9340f9c2e93d19ab4b1c307fb063d2dd9e25e08af2976e992c3fda0e34b79e7aa0ff461cf0109dd70e53dd2512df6d121436b47a8e4d4647e2dad819265d767

Score

10^/10

raccoon redline cheat e9f10fade0328e7cef5c9f5bf00076086ba5a8a1 infostealer stealer

Static task

static1

Behavioral task

behavioral1

Sample

9f01d6660caba583e7ac2dbf9fac6ffed47576035e2b1aa9dd95ec6b59a3d04e.exe

Resource

win10-en-20211208

raccoon redline cheat e9f10fade0328e7cef5c9f5bf00076086ba5a8a1 infostealer stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

C2

185.215.113.57:50723

Extracted

Family

redline

Botnet

cheat

C2

45.147.196.146:6213

Extracted

Family

raccoon

Botnet

e9f10fade0328e7cef5c9f5bf00076086ba5a8a1

Attributes

url4cnc
http://91.219.236.18/baldandbankrupt1
http://194.180.174.41/baldandbankrupt1
http://91.219.236.148/baldandbankrupt1
https://t.me/baldandbankrupt1

rc4.plain

rc4.plain

Targets

- Target
  
  9f01d6660caba583e7ac2dbf9fac6ffed47576035e2b1aa9dd95ec6b59a3d04e
- Size
  
  1.0MB
- MD5
  
  85dde45316f09ce3d63d43de2c729315
- SHA1
  
  f559f0b629440cdbfab32d2b6af878677f95a9e3
- SHA256
  
  9f01d6660caba583e7ac2dbf9fac6ffed47576035e2b1aa9dd95ec6b59a3d04e
- SHA512
  
  b9340f9c2e93d19ab4b1c307fb063d2dd9e25e08af2976e992c3fda0e34b79e7aa0ff461cf0109dd70e53dd2512df6d121436b47a8e4d4647e2dad819265d767
Score

10^/10

raccoon redline cheat e9f10fade0328e7cef5c9f5bf00076086ba5a8a1 infostealer stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonredlinecheate9f10fade0328e7cef5c9f5bf00076086ba5a8a1infostealerstealer

© 2018-2024

Terms | Privacy