raccoon | 6ca6b7b7a221701518cd240a938af6cfa7dd8257333f03ba0ab3dabeeddb5d04 | Triage

Sharing

General

Target

5ec064205c786d8ef4bcb5375bf8c7b1.exe
Size

770KB
Sample

220223-svrdeaaeh5
MD5

5ec064205c786d8ef4bcb5375bf8c7b1
SHA1

ada637900401c1c8df31d3580ecafe80f5e7e6cc
SHA256

6ca6b7b7a221701518cd240a938af6cfa7dd8257333f03ba0ab3dabeeddb5d04
SHA512

032388eb56fbf34ba7d6e23d0ffa4bb2eb5c2ea32471c318cb7b6f45469b4e7420abf2ffefd68748a6ac29f0e1bc517b79daa5c2bcc8aa2528792499239381f4

Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d stealer

Malware Config

Extracted

Family

raccoon

Botnet

1c0fad6805a0f65d7b597130eb9f089ffbe9857d

Attributes

url4cnc
http://194.180.191.241/capibar
http://103.155.93.35/capibar
https://t.me/capibar

rc4.plain

rc4.plain

Targets

- Target
  
  5ec064205c786d8ef4bcb5375bf8c7b1.exe
- Size
  
  770KB
- MD5
  
  5ec064205c786d8ef4bcb5375bf8c7b1
- SHA1
  
  ada637900401c1c8df31d3580ecafe80f5e7e6cc
- SHA256
  
  6ca6b7b7a221701518cd240a938af6cfa7dd8257333f03ba0ab3dabeeddb5d04
- SHA512
  
  032388eb56fbf34ba7d6e23d0ffa4bb2eb5c2ea32471c318cb7b6f45469b4e7420abf2ffefd68748a6ac29f0e1bc517b79daa5c2bcc8aa2528792499239381f4
Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857dstealer

behavioral2

raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857dstealer