raccoon | df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee | Triage

Sharing

General

Target

df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe
Size

1.6MB
Sample

221019-zmtl5agddk
MD5

4bad8e019dc6d8254185426c2fef0c59
SHA1

7b55fcbae0b8c90100a0b8b999292e1c83ab5947
SHA256

df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee
SHA512

c8b82b65ed3eb15fc208147587ea5051dde079eba9006fad751195d2004398c4bd2eed0e1b1aab6cd01a3526eb04b30eb4b0798e6e68f5019c0d4faf155bbf96
SSDEEP

49152:Tm5PrbWIRjUx3FEcLhbu32hEwdGvmKdAzDJ6SM:Tm5j0icVY2hNdGuKdAc

Score

10^/10

raccoon 9b19cf60d9bdf65b8a2495aa965456c3 stealer

Malware Config

Extracted

Family

raccoon

Botnet

9b19cf60d9bdf65b8a2495aa965456c3

C2

http://5.2.70.65/

rc4.plain

Targets

- Target
  
  df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee.exe
- Size
  
  1.6MB
- MD5
  
  4bad8e019dc6d8254185426c2fef0c59
- SHA1
  
  7b55fcbae0b8c90100a0b8b999292e1c83ab5947
- SHA256
  
  df7cfb28f642a2341b0cf3d5626ec787a7afb0aacd3e6806b7a0caa3a6dd73ee
- SHA512
  
  c8b82b65ed3eb15fc208147587ea5051dde079eba9006fad751195d2004398c4bd2eed0e1b1aab6cd01a3526eb04b30eb4b0798e6e68f5019c0d4faf155bbf96
- SSDEEP
  
  49152:Tm5PrbWIRjUx3FEcLhbu32hEwdGvmKdAzDJ6SM:Tm5j0icVY2hNdGuKdAc
Score

10^/10

raccoon 9b19cf60d9bdf65b8a2495aa965456c3 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon9b19cf60d9bdf65b8a2495aa965456c3stealer

behavioral2

raccoon9b19cf60d9bdf65b8a2495aa965456c3stealer