raccoon | 88c7068d215d547b3382ca251bfc2f9eb9e27cf7b55d356c153eb93038445ecc | Triage

Sharing

General

Target

b1d5c70027e084f56ece407a741a29ec.bin
Size

4.3MB
Sample

230130-x552rscb97
MD5

98787ad393ea5d568df3d257e57b5e3a
SHA1

1574299005d408d0255fb3ae7fc9ac7f4d2f2c43
SHA256

88c7068d215d547b3382ca251bfc2f9eb9e27cf7b55d356c153eb93038445ecc
SHA512

0b6095dd8538fcb9a6f30c1ae8a32eb39f7b0e9a260085ea31f7df482247ba43dacbe76b53003273f2110eb701167f5db4e2d943982cbf7a53658b5da6daf5af
SSDEEP

98304:a+eea1uaEp4WZSDbpg4xkLbkPycb+1CYahSaZROH:a+eXbppxWk6c61B/SOH

Score

10^/10

raccoon 058b163252af946c77f376d3f457096b stealer

Malware Config

Extracted

Family

raccoon

Botnet

058b163252af946c77f376d3f457096b

C2

http://160.119.253.242

rc4.plain

Targets

- Target
  
  filesetup_v17.3.4/filesetup_v17.3.4.jpg
- Size
  
  694.8MB
- MD5
  
  849969eee450278d949286e3cf2e49fa
- SHA1
  
  c7aa87546edb8768afae08a3a6f5c30dd1934042
- SHA256
  
  63bfe18c23479fb787df25a84cb7e54d76528fdea1532b2b034f00b41b7cc923
- SHA512
  
  fb59a22784d86bc72f285d6d6ebae433de82e16ed0baa5a5dfb35619559f96977d2b6898b4fa7b5cc85ebebfd1c371b686810518ccc6e90c7a835f033bca6651
- SSDEEP
  
  12288:i1Bb9l5UFIM1mKtWJUSw30mav4C5Go8lA2Qp32zYsALPm1ir/khIjuDepZa2RCjt:i1RxkIM1K1q
Score

10^/10

raccoon 058b163252af946c77f376d3f457096b stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Blocklisted process makes network request
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

raccoon058b163252af946c77f376d3f457096bstealer