raccoon | 1227762670b7f30a26b51d681acad249a14986f375f5d659ef36e25e4e8bef1b | Triage

Sharing

General

Target

file.exe
Size

2.7MB
Sample

221027-184jwsdfh5
MD5

081b0db95177c46330d35f2b57937526
SHA1

316f79d3ddd9325476ce52318c2aaae011316897
SHA256

1227762670b7f30a26b51d681acad249a14986f375f5d659ef36e25e4e8bef1b
SHA512

e84ebf6d234e8a909887093fd0b33dc7e4b158b03012fc9863ac9e73e5381aefc554d96d45562e5cf75eda7b4d0c2652f87ec2d16d584318acab6b9b3bf49b60
SSDEEP

49152:JoAbBbTsYtX9jHCj2D1WCA4R8oq4eNJ/V/:X1W

Score

10^/10

raccoon 9b19cf60d9bdf65b8a2495aa965456c3 stealer

Malware Config

Extracted

Family

raccoon

Botnet

9b19cf60d9bdf65b8a2495aa965456c3

C2

http://5.2.70.65/

rc4.plain

Targets

- Target
  
  file.exe
- Size
  
  2.7MB
- MD5
  
  081b0db95177c46330d35f2b57937526
- SHA1
  
  316f79d3ddd9325476ce52318c2aaae011316897
- SHA256
  
  1227762670b7f30a26b51d681acad249a14986f375f5d659ef36e25e4e8bef1b
- SHA512
  
  e84ebf6d234e8a909887093fd0b33dc7e4b158b03012fc9863ac9e73e5381aefc554d96d45562e5cf75eda7b4d0c2652f87ec2d16d584318acab6b9b3bf49b60
- SSDEEP
  
  49152:JoAbBbTsYtX9jHCj2D1WCA4R8oq4eNJ/V/:X1W
Score

10^/10

raccoon 9b19cf60d9bdf65b8a2495aa965456c3 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

raccoon9b19cf60d9bdf65b8a2495aa965456c3stealer