raccoon | 3aeac188be8cb282af08c47fa9949c108fb33a99196ab6864947c77731bccb4c | Triage

Sharing

General

Target

181441a56d399865f7008ab0f9298b37.exe
Size

2.0MB
Sample

220308-xlxahsdegl
MD5

181441a56d399865f7008ab0f9298b37
SHA1

d7a1d18e3f145330996e061006b960e8b037652d
SHA256

3aeac188be8cb282af08c47fa9949c108fb33a99196ab6864947c77731bccb4c
SHA512

dcf83f1db37ddfc25cf66b72f5fc29288ef8da1e4420ea6bbd1fbc24b1b96db0d42fec657e8981206fc34c75713bf604435a435dde006004d3cd785586c34f85

Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d stealer suricata

Malware Config

Extracted

Family

raccoon

Botnet

1c0fad6805a0f65d7b597130eb9f089ffbe9857d

Attributes

url4cnc
http://194.180.191.241/capibar
http://103.155.93.35/capibar
https://t.me/capibar

rc4.plain

rc4.plain

Targets

- Target
  
  181441a56d399865f7008ab0f9298b37.exe
- Size
  
  2.0MB
- MD5
  
  181441a56d399865f7008ab0f9298b37
- SHA1
  
  d7a1d18e3f145330996e061006b960e8b037652d
- SHA256
  
  3aeac188be8cb282af08c47fa9949c108fb33a99196ab6864947c77731bccb4c
- SHA512
  
  dcf83f1db37ddfc25cf66b72f5fc29288ef8da1e4420ea6bbd1fbc24b1b96db0d42fec657e8981206fc34c75713bf604435a435dde006004d3cd785586c34f85
Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d stealer suricata
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  suricata
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857dstealer

behavioral2

raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857dstealersuricata