raccoon | 948c821b3a3f5b1ee3a8c49a15c449224be9b0e3c13b5876b5ffc67470424267 | Triage

Submit
Reports

Overview

overview

Static

static

Setup_Pass_1234.exe

windows7_x64

Setup_Pass_1234.exe

windows10-2004_x64

Sharing

General

Target

Setup_Pass_1234.exe
Size

4.5MB
Sample

220310-lat58sheaj
MD5

d1b14aa9c41b1fb168f0a33f8da66653
SHA1

4969e9aa47972168ef618363e1b987287379bc7b
SHA256

948c821b3a3f5b1ee3a8c49a15c449224be9b0e3c13b5876b5ffc67470424267
SHA512

a760fea05bc71e520350fbbf30239fb3902769d2ce8cdf88f56f29b7ed82fb8d2fd6ad2eab80db03be8784eaf04945e896f473c9c87c49ea550a1d579c47750d

Score

10^/10

raccoon 231a2bef03530ea1eb31f9ad27af7d488aca1ee8 stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

Setup_Pass_1234.exe

Resource

win7-20220223-en

raccoon 231a2bef03530ea1eb31f9ad27af7d488aca1ee8 stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Setup_Pass_1234.exe

Resource

win10v2004-en-20220113

raccoon 231a2bef03530ea1eb31f9ad27af7d488aca1ee8 stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

raccoon

Botnet

231a2bef03530ea1eb31f9ad27af7d488aca1ee8

Attributes

url4cnc
http://85.159.212.113/sibiusio
http://185.163.204.81/sibiusio
http://194.180.191.33/sibiusio
http://174.138.11.98/sibiusio
http://194.180.191.44/sibiusio
http://91.219.236.120/sibiusio
https://t.me/sibiusio

rc4.plain

rc4.plain

Targets

- Target
  
  Setup_Pass_1234.exe
- Size
  
  4.5MB
- MD5
  
  d1b14aa9c41b1fb168f0a33f8da66653
- SHA1
  
  4969e9aa47972168ef618363e1b987287379bc7b
- SHA256
  
  948c821b3a3f5b1ee3a8c49a15c449224be9b0e3c13b5876b5ffc67470424267
- SHA512
  
  a760fea05bc71e520350fbbf30239fb3902769d2ce8cdf88f56f29b7ed82fb8d2fd6ad2eab80db03be8784eaf04945e896f473c9c87c49ea550a1d579c47750d
Score

10^/10

raccoon 231a2bef03530ea1eb31f9ad27af7d488aca1ee8 stealer suricata
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  suricata
- suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6
  suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6
  suricata
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon231a2bef03530ea1eb31f9ad27af7d488aca1ee8stealersuricata

behavioral2

raccoon231a2bef03530ea1eb31f9ad27af7d488aca1ee8stealersuricata

© 2018-2024

Terms | Privacy