raccoon | 9d1ff9402bfeb4858e1f7ba99d8ff16f5aa9b0f1c599073baba7c4d028e93437 | Triage

Sharing

General

Target

setupsoftapp19.0.zip
Size

6.6MB
Sample

230127-vkl22sdf6w
MD5

f5ddb3f3ec3475bc27a601a3bb0bc080
SHA1

fb70fefb15231484174a0a18e5254bee2c6d7640
SHA256

9d1ff9402bfeb4858e1f7ba99d8ff16f5aa9b0f1c599073baba7c4d028e93437
SHA512

05db5697e7265406fc1d86a76b6cab510f6ae85017b76361f74ad996f21fe2ddfdcb95fbb15f991c990c34d3e7a716633891f00a69f2e92ef11b24f37fb0f7ac
SSDEEP

196608:qw2Ln4n7Ro8WvNI3bo27GrM5sZL4ETLFmob:qwwny7u5v4bBUM5iL4lob

Score

10^/10

raccoon 3f4a8564e5026a245d6974b020b3f6de stealer

Malware Config

Extracted

Family

raccoon

Botnet

3f4a8564e5026a245d6974b020b3f6de

C2

http://45.15.156.225/

rc4.plain

Targets

- Target
  
  setupsoftapp19.0/setupsoftapp19.0.exe
- Size
  
  764.3MB
- MD5
  
  77b44f4ae99f079256dad77cf20f3107
- SHA1
  
  f34d058b608704691baeda3ab1da644c6862080d
- SHA256
  
  37472fc095520bd574f834e9ffb83bcfd2ddcd6e1daf42d3f0bb4b93cd7e60f0
- SHA512
  
  9c3f9e1bd2f37d45377ad211026fb6bfd02cb199f12d1c156aec0efe6ac846e3eb7c2f06ab1c5f38daee7b08c2a970d8fb1e72d8dba92e758aab8dbd428f5a02
- SSDEEP
  
  12288:qV2WaDWiOLSIjd41ms2b8fz8AGDUux81k8ucc+SKtI7AjglxP4TQ+LyfOx9h7L4Y:vy3m1fgBACLN1q
Score

10^/10

raccoon 3f4a8564e5026a245d6974b020b3f6de stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Blocklisted process makes network request
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

raccoon3f4a8564e5026a245d6974b020b3f6destealer