raccoon | fd27b423af903ced7fb330011ba124b59b60cbdbc64b533132a22ecf983a437d | Triage

Sharing

General

Target

503cb3a027cd593a651b07f3b5206221.exe
Size

627KB
Sample

220310-nax81ahgdj
MD5

503cb3a027cd593a651b07f3b5206221
SHA1

1cbf8ca9d7179e4cd75c086b7629cbd1a7e09cd3
SHA256

fd27b423af903ced7fb330011ba124b59b60cbdbc64b533132a22ecf983a437d
SHA512

f5956bfb0d88c86d8e312d9a8affc04f194c093329c1f3a0450ef233787b8225342416062a96d0f8133e3fc0ff452a44ebd07c981b324c133881d89ec0baf23f

Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d stealer suricata

Malware Config

Extracted

Family

raccoon

Botnet

1c0fad6805a0f65d7b597130eb9f089ffbe9857d

Attributes

url4cnc
http://194.180.191.241/capibar
http://103.155.93.35/capibar
https://t.me/capibar

rc4.plain

rc4.plain

Targets

- Target
  
  503cb3a027cd593a651b07f3b5206221.exe
- Size
  
  627KB
- MD5
  
  503cb3a027cd593a651b07f3b5206221
- SHA1
  
  1cbf8ca9d7179e4cd75c086b7629cbd1a7e09cd3
- SHA256
  
  fd27b423af903ced7fb330011ba124b59b60cbdbc64b533132a22ecf983a437d
- SHA512
  
  f5956bfb0d88c86d8e312d9a8affc04f194c093329c1f3a0450ef233787b8225342416062a96d0f8133e3fc0ff452a44ebd07c981b324c133881d89ec0baf23f
Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d stealer suricata
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  suricata
- suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6
  suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857dstealer

behavioral2

raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857dstealersuricata