General

  • Target: test9.exe
  • Size: 552KB
  • Sample: 220510-grhfjsafbp
  • MD5: 6b2a1bdeb277bbec7ca7b450787dd2ee
  • SHA1: 62d8acc30d74066aa4e2bd7c30bfa99ad1b4574c
  • SHA256: fd7b01818107ade3811fe5070491ef2a4bb208ca68bb07710f5c540e44a1e97b
  • SHA512: cc32e883b9a10d8e774ebec3affeacca7bff573061043d2ef74d638d24977646e3ff3580ddd587e8c6739b2d9b5de0532917e39cc1a20ba2a7c8c3141edcb8af

Malware Config

Extracted

  • Family: raccoon
  • Botnet: 4a4c4acb62708e2b8f51583787f979bb17da6731
  • Attributes
      • url4cnc
          http://185.163.204.81/sendmenuw
          http://194.180.191.33/sendmenuw
          http://174.138.11.98/sendmenuw
          http://194.180.191.44/sendmenuw
          http://91.219.236.120/sheinl
          https://t.me/sendmenuw
      • rc4.plain

Targets

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)

    • suricata: ET MALWARE Win32.Raccoon Stealer Checkin M6
