raccoon | 06dcc8ec05a3ec53b0066ce702d40993f9862644a37ddce050e03b23ba65a746 | Triage

Sharing

General

Target

06DCC8EC05A3EC53B0066CE702D40993F9862644A37DD.exe
Size

1.6MB
Sample

220206-kfcbyahabm
MD5

dc0ad30780b013edc6d44f42873cca6f
SHA1

7bc36922bb282fb37ae76ca0ab584937a32555b4
SHA256

06dcc8ec05a3ec53b0066ce702d40993f9862644a37ddce050e03b23ba65a746
SHA512

4672fe9cdfe00cff01bedea476b0d4405f443418d78dc3f4dfb5bd469f7124d89e9ba2647ca48f48622a7040d1cc449e43905b575d497d4663a80053f5c49523

Score

10^/10

raccoon efc20640b4b1564934471e6297b87d8657db774a stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

efc20640b4b1564934471e6297b87d8657db774a

Attributes

url4cnc
http://91.219.236.162/jredmankun
http://185.163.47.176/jredmankun
http://193.38.54.238/jredmankun
http://74.119.192.122/jredmankun
http://91.219.236.240/jredmankun
https://t.me/jredmankun

rc4.plain

rc4.plain

Targets

- Target
  
  06DCC8EC05A3EC53B0066CE702D40993F9862644A37DD.exe
- Size
  
  1.6MB
- MD5
  
  dc0ad30780b013edc6d44f42873cca6f
- SHA1
  
  7bc36922bb282fb37ae76ca0ab584937a32555b4
- SHA256
  
  06dcc8ec05a3ec53b0066ce702d40993f9862644a37ddce050e03b23ba65a746
- SHA512
  
  4672fe9cdfe00cff01bedea476b0d4405f443418d78dc3f4dfb5bd469f7124d89e9ba2647ca48f48622a7040d1cc449e43905b575d497d4663a80053f5c49523
Score

10^/10

raccoon efc20640b4b1564934471e6297b87d8657db774a stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

raccoonefc20640b4b1564934471e6297b87d8657db774astealer