raccoon | 2110de2df348890eae61adc38f726c8f5c746cc14c0e5364aec3a3580b72d388 | Triage

Sharing

General

Target

2110de2df348890eae61adc38f726c8f5c746cc14c0e5364aec3a3580b72d388
Size

1.1MB
Sample

220612-lq5xnsffgq
MD5

88c26e240d5dc57ee1eb2abdde762afd
SHA1

edd18d72536c38cd8c546e679dcd424566ec7429
SHA256

2110de2df348890eae61adc38f726c8f5c746cc14c0e5364aec3a3580b72d388
SHA512

ab0d167931f57c5eefb3b39bd500705ebe55aaebc73d7817534f011f1d3ad8c05bad32d61da8abf8b08dc2a028a5d30f9a959b93770f0eb89836b7a9bb92b13c

Score

10^/10

raccoon 231a2bef03530ea1eb31f9ad27af7d488aca1ee8 stealer suricata

Malware Config

Extracted

Family

raccoon

Botnet

231a2bef03530ea1eb31f9ad27af7d488aca1ee8

Attributes

url4cnc
http://85.159.212.113/sibiusio
http://185.163.204.81/sibiusio
http://194.180.191.33/sibiusio
http://174.138.11.98/sibiusio
http://194.180.191.44/sibiusio
http://91.219.236.120/sibiusio
https://t.me/sibiusio

rc4.plain

rc4.plain

Targets

- Target
  
  2110de2df348890eae61adc38f726c8f5c746cc14c0e5364aec3a3580b72d388
- Size
  
  1.1MB
- MD5
  
  88c26e240d5dc57ee1eb2abdde762afd
- SHA1
  
  edd18d72536c38cd8c546e679dcd424566ec7429
- SHA256
  
  2110de2df348890eae61adc38f726c8f5c746cc14c0e5364aec3a3580b72d388
- SHA512
  
  ab0d167931f57c5eefb3b39bd500705ebe55aaebc73d7817534f011f1d3ad8c05bad32d61da8abf8b08dc2a028a5d30f9a959b93770f0eb89836b7a9bb92b13c
Score

10^/10

raccoon 231a2bef03530ea1eb31f9ad27af7d488aca1ee8 stealer suricata
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  suricata: ET MALWARE Win32.Raccoon Stealer - Telegram Mirror Checkin (generic)
  suricata
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon231a2bef03530ea1eb31f9ad27af7d488aca1ee8stealer

behavioral2

raccoon231a2bef03530ea1eb31f9ad27af7d488aca1ee8stealersuricata