raccoon | c9ac2f3d59f78f95bfc4c7276a58d4be9382f5646f191d407212c279b7a85656 | Triage

Sharing

General

Target

f64c5ab329827be26bc970d622d185ec.exe
Size

552KB
Sample

220311-vlflnaddfk
MD5

f64c5ab329827be26bc970d622d185ec
SHA1

178076d5f23acd4dfb5fadcb5755e8836d99f040
SHA256

c9ac2f3d59f78f95bfc4c7276a58d4be9382f5646f191d407212c279b7a85656
SHA512

f8e611ced76baf84a59dbf6b2e88ce5986c615a7765c8c5dbe07aaa4da1ef40a27ce4eac4b0b97bba8165f990a20022dc6b75edcaa556c24c63e46cb699e1b6e

Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d stealer suricata

Malware Config

Extracted

Family

raccoon

Botnet

1c0fad6805a0f65d7b597130eb9f089ffbe9857d

Attributes

url4cnc
http://194.180.191.241/capibar
http://103.155.93.35/capibar
https://t.me/capibar

rc4.plain

rc4.plain

Targets

- Target
  
  f64c5ab329827be26bc970d622d185ec.exe
- Size
  
  552KB
- MD5
  
  f64c5ab329827be26bc970d622d185ec
- SHA1
  
  178076d5f23acd4dfb5fadcb5755e8836d99f040
- SHA256
  
  c9ac2f3d59f78f95bfc4c7276a58d4be9382f5646f191d407212c279b7a85656
- SHA512
  
  f8e611ced76baf84a59dbf6b2e88ce5986c615a7765c8c5dbe07aaa4da1ef40a27ce4eac4b0b97bba8165f990a20022dc6b75edcaa556c24c63e46cb699e1b6e
Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d stealer suricata
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  suricata
- suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6
  suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857dstealer

behavioral2

raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857dstealersuricata