raccoon | bcba37ea39dbe60b1dd38557aaccf5aca3d6e2d754fa6e6d81e07e18ff3d7e58 | Triage

Sharing

General

Target

hbtwo_20220222-161031
Size

725KB
Sample

220222-szp15sbegr
MD5

4cb40a5915b998c9c70b71e6b54de912
SHA1

15bfedc171add539bcbb2ecf4a1fd9eef1fd97f9
SHA256

bcba37ea39dbe60b1dd38557aaccf5aca3d6e2d754fa6e6d81e07e18ff3d7e58
SHA512

945b1de67d1cc6adb9bbbf1b08d8163c1cbb19f6878242def90aa08354503d98c96e7b53218ef4c1024c1315c3361be59830cbc88308b4ea088d1efe3755ebad

Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d stealer suricata

Malware Config

Extracted

Family

raccoon

Botnet

1c0fad6805a0f65d7b597130eb9f089ffbe9857d

Attributes

url4cnc
http://194.180.191.241/capibar
http://103.155.93.35/capibar
https://t.me/capibar

rc4.plain

rc4.plain

Targets

- Target
  
  hbtwo_20220222-161031
- Size
  
  725KB
- MD5
  
  4cb40a5915b998c9c70b71e6b54de912
- SHA1
  
  15bfedc171add539bcbb2ecf4a1fd9eef1fd97f9
- SHA256
  
  bcba37ea39dbe60b1dd38557aaccf5aca3d6e2d754fa6e6d81e07e18ff3d7e58
- SHA512
  
  945b1de67d1cc6adb9bbbf1b08d8163c1cbb19f6878242def90aa08354503d98c96e7b53218ef4c1024c1315c3361be59830cbc88308b4ea088d1efe3755ebad
Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d stealer suricata
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
- suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  suricata
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857dstealer

behavioral2

raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857dstealersuricata