Overview

overview

10

Static

static

file.exe

windows7-x64

7

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    3.5MB

  • Sample

    221027-sa2nmsceb7

  • MD5

    85c27c29bcd669111e83ece79e7e0a62

  • SHA1

    24cb399e0de0896709242e3e2cc2b0435d5c206e

  • SHA256

    c7d3d775fda24b3244022a1488315c51a55d54e155b8e788583c0d50a4a9f5e9

  • SHA512

    9d01e2e090c553f3de1a85300f7faa36cee4a4e135ec47854529aaa1fe2fd2e0313b8202dbf875b6cc21e0a1ec46d1c1d379563ad7560470dd0a246c8bae7e99

  • SSDEEP

    24576:DqkwrOTxquuoM1iHVHv/Rkelbl1RWuetgVR04suAKluiCionxi3tWEvvbwDiqBQd:4uuoBVH7XRWFIDpkdj

Score
10/10
raccoon9b19cf60d9bdf65b8a2495aa965456c3stealer

Malware Config

Extracted

Family

raccoon

Botnet

9b19cf60d9bdf65b8a2495aa965456c3

C2

http://5.2.70.65/

rc4.plain

Targets

    • Target

      file.exe

    • Size

      3.5MB

    • MD5

      85c27c29bcd669111e83ece79e7e0a62

    • SHA1

      24cb399e0de0896709242e3e2cc2b0435d5c206e

    • SHA256

      c7d3d775fda24b3244022a1488315c51a55d54e155b8e788583c0d50a4a9f5e9

    • SHA512

      9d01e2e090c553f3de1a85300f7faa36cee4a4e135ec47854529aaa1fe2fd2e0313b8202dbf875b6cc21e0a1ec46d1c1d379563ad7560470dd0a246c8bae7e99

    • SSDEEP

      24576:DqkwrOTxquuoM1iHVHv/Rkelbl1RWuetgVR04suAKluiCionxi3tWEvvbwDiqBQd:4uuoBVH7XRWFIDpkdj

    Score
    10/10
    raccoon9b19cf60d9bdf65b8a2495aa965456c3stealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks