Overview

overview

10

Static

static

ce6f0ae83b...c6.exe

windows7_x64

10

ce6f0ae83b...c6.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ce6f0ae83b8633dca1eb926b922c1f95b0cfb6f7701705c5032e025434f20dc6

  • Size

    620KB

  • Sample

    220225-j6j9ssfee5

  • MD5

    e99b08b637533f4f13a43e4ab308251e

  • SHA1

    af477706b05284ce1e7ae336dd60b223df9f68c1

  • SHA256

    30683616b5abd23b0f99dc5972589895086e9a3a85b9cd173e955f83265e953f

  • SHA512

    c580512e55bafb18181b86d187ffdc7fce6e46e8a3749eb313b40b22f7403a29cd9d67e5f829dd2fbbe8b86085073f608f49876e9f4c342ac0fbc83baa2f94dc

Score
10/10
raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857dstealer

Malware Config

Extracted

Family

raccoon

Botnet

1c0fad6805a0f65d7b597130eb9f089ffbe9857d

Attributes
  • url4cnc

    http://194.180.191.241/capibar

    http://103.155.93.35/capibar

    https://t.me/capibar

rc4.plain
rc4.plain

Targets

    • Target

      ce6f0ae83b8633dca1eb926b922c1f95b0cfb6f7701705c5032e025434f20dc6

    • Size

      791KB

    • MD5

      fab6367673f63857ed3a74731657c3df

    • SHA1

      0f7aba66895dede489874beeb1e77bc9219bb2d6

    • SHA256

      ce6f0ae83b8633dca1eb926b922c1f95b0cfb6f7701705c5032e025434f20dc6

    • SHA512

      876039c14aff8e1675af32d68e909dc31c3057f0b59072ccb7e8fe7a697bb1c751f85dbde5103fb4a64e635981480ac278f134dee9a28d81c99249c24dbccc5d

    Score
    10/10
    raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857dstealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks