Overview

overview

10

Static

static

35448c23b2...39.exe

windows7_x64

10

35448c23b2...39.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    35448c23b2fd6bb04afeff7a5b2860f99cd97c57e85fc8f6800bf2ad1f7de239

  • Size

    695KB

  • Sample

    220215-rqk56ahbaq

  • MD5

    30e40f5a390ced36efa052f1bff8aa74

  • SHA1

    96d747cc17f26f98c1034a7ba6f4035c95e9dc79

  • SHA256

    35448c23b2fd6bb04afeff7a5b2860f99cd97c57e85fc8f6800bf2ad1f7de239

  • SHA512

    70005b28e841e153d6dc0aa5cef946a444a13f5d042b93a1ec9691828a00353cf0a68982d2018308abaa925620ad957957b170adcba038251c458cb40c8d9964

Score
10/10
raccoon8dec62c1db2959619dca43e02fa46ad7bd606400stealersuricata

Malware Config

Extracted

Family

raccoon

Botnet

8dec62c1db2959619dca43e02fa46ad7bd606400

Attributes
  • url4cnc

    http://telegin.top/capibar

    http://ttmirror.top/capibar

    http://teletele.top/capibar

    http://telegalive.top/capibar

    http://toptelete.top/capibar

    http://telegraf.top/capibar

    https://t.me/capibar

rc4.plain
rc4.plain

Targets

    • Target

      35448c23b2fd6bb04afeff7a5b2860f99cd97c57e85fc8f6800bf2ad1f7de239

    • Size

      695KB

    • MD5

      30e40f5a390ced36efa052f1bff8aa74

    • SHA1

      96d747cc17f26f98c1034a7ba6f4035c95e9dc79

    • SHA256

      35448c23b2fd6bb04afeff7a5b2860f99cd97c57e85fc8f6800bf2ad1f7de239

    • SHA512

      70005b28e841e153d6dc0aa5cef946a444a13f5d042b93a1ec9691828a00353cf0a68982d2018308abaa925620ad957957b170adcba038251c458cb40c8d9964

    Score
    10/10
    raccoon8dec62c1db2959619dca43e02fa46ad7bd606400stealersuricata

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)

      suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)

      suricata

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks