8256fb70454da346b588b8d884ef5ffc0631c1dceeee515a0c92989d36dedd10

General

Target: 8256fb70454da346b588b8d884ef5ffc0631c1dceeee515a0c92989d36dedd10
Size: 1MB
Sample: 220520-dpmqpshhcl
Score: 10/10
MD5: 66afe24b36275f561cf6318653aaa6f4
SHA1: 94f4bdd9e38b17fac52471936cf7173d37cd001e
SHA256: 8256fb70454da346b588b8d884ef5ffc0631c1dceeee515a0c92989d36dedd10
SHA512: 4b99387f9b0b01ee25d0f728c735cb7d2f564602eb934b4ef7898e6ad532f2ccb304ed99ea9eab93bacfdcb81d01911ca0a0a5ebc75e4f92200ec760238bb582

Malware Config

Extracted

Family: raccoon
Botnet: 98ade1e00a4f6f9a223d8d49f21aeb26d0c74b4a
Attributes:
  url4cnc: https://drive.google.com/uc?export=download&id=1oyq2bglZBUpcWekyvuAsh8ZchXcReacH
  rc4.plain
  rc4.plain
Targets
Signatures

  • Raccoon
    Description: Simple but powerful infostealer which was very active in 2019.

  • Raccoon Stealer Payload

  • Legitimate hosting services abused for malware hosting/C2
    TTPs: Web Service

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  static1
  behavioral1
  3/10