raccoon | 7fcc48b2b40ebd39192948c22ee86521efa5214b39902ba7700908031d294afd | Triage

Sharing

General

Target

8b7f855915dcbf3d24b6509c7aa6268e
Size

551KB
Sample

220311-xqx3lsdhbm
MD5

8b7f855915dcbf3d24b6509c7aa6268e
SHA1

bc0013c23f4ee0fa803defc9b66f2e91e8e20444
SHA256

7fcc48b2b40ebd39192948c22ee86521efa5214b39902ba7700908031d294afd
SHA512

293de74fd4911cd10dc146538321bdfcb685a497fe816c4062eb0f502d05cc3642a4c97ba5bb81210bb44b419f3cb497953e2a403a5f8c9777e684b949ee1739

Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d stealer suricata

Malware Config

Extracted

Family

raccoon

Botnet

1c0fad6805a0f65d7b597130eb9f089ffbe9857d

Attributes

url4cnc
http://194.180.191.241/capibar
http://103.155.93.35/capibar
https://t.me/capibar

rc4.plain

rc4.plain

Targets

- Target
  
  8b7f855915dcbf3d24b6509c7aa6268e
- Size
  
  551KB
- MD5
  
  8b7f855915dcbf3d24b6509c7aa6268e
- SHA1
  
  bc0013c23f4ee0fa803defc9b66f2e91e8e20444
- SHA256
  
  7fcc48b2b40ebd39192948c22ee86521efa5214b39902ba7700908031d294afd
- SHA512
  
  293de74fd4911cd10dc146538321bdfcb685a497fe816c4062eb0f502d05cc3642a4c97ba5bb81210bb44b419f3cb497953e2a403a5f8c9777e684b949ee1739
Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d stealer suricata
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  suricata
- suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6
  suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857dstealer

behavioral2

raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857dstealersuricata