raccoon | a4de6b05daac0da9e80c020a83350fe787f72fdcd6646fdabc15cda395845231 | Triage

Sharing

General

Target

hbtwo_20220318-173935
Size

634KB
Sample

220318-t61xnacbgn
MD5

d8c17cfca59134307cc73c50db5e456f
SHA1

331eeaefd6737149776054487d7bb4256201af3d
SHA256

a4de6b05daac0da9e80c020a83350fe787f72fdcd6646fdabc15cda395845231
SHA512

76c6b973607bb017bbc590e75c034c784095ce450eaeaee0e69e42e7e3d963bc63d1fec2be81239be548eb971979c8c8e4d7e50d2d96d2226e18a7f85910e1a8

Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d stealer suricata

Malware Config

Extracted

Family

raccoon

Botnet

1c0fad6805a0f65d7b597130eb9f089ffbe9857d

Attributes

url4cnc
http://194.180.191.241/capibar
http://103.155.93.35/capibar
https://t.me/capibar

rc4.plain

rc4.plain

Targets

- Target
  
  hbtwo_20220318-173935
- Size
  
  634KB
- MD5
  
  d8c17cfca59134307cc73c50db5e456f
- SHA1
  
  331eeaefd6737149776054487d7bb4256201af3d
- SHA256
  
  a4de6b05daac0da9e80c020a83350fe787f72fdcd6646fdabc15cda395845231
- SHA512
  
  76c6b973607bb017bbc590e75c034c784095ce450eaeaee0e69e42e7e3d963bc63d1fec2be81239be548eb971979c8c8e4d7e50d2d96d2226e18a7f85910e1a8
Score

10^/10

raccoon 1c0fad6805a0f65d7b597130eb9f089ffbe9857d stealer suricata
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857dstealer

behavioral2

raccoon1c0fad6805a0f65d7b597130eb9f089ffbe9857dstealersuricata