General

  • Target: 6a397760dd396a44b3a305b1ea4a1c92.bin
  • Size: 3.2MB
  • Sample: 230130-xdxw3sbf52
  • MD5: b8b71c35afd491e3873ca95c2e74733f
  • SHA1: 838a6e883af53a0327fc5b1b24bfbf617b997d71
  • SHA256: 02d9ae7d0d0302f182bced1655c9902a9c231ac30a5ece1ebbb635946e86f26b
  • SHA512: b4756f5de8f3443f66001ad2f0bc6e0892d9fb16bd3c2e7caadb661c8e88ce91d031e8b992ff485a86718a07c83c10ce00cf9cdc5cbe42388b86a0c5cfeea95f
  • SSDEEP: 98304:RjT9cJf1O+xd/6tKK6SmDozm0xgaZ2umLnb7:R/8fwGwYD8mbaZIT

Malware Config

Extracted

  • Family: raccoon
  • Botnet: 058b163252af946c77f376d3f457096b
  • C2: http://160.119.253.242
  • rc4.plain

Targets

    • Target: filesetup_v17.3.4.exe
    • Size: 694.8MB
    • MD5: 849969eee450278d949286e3cf2e49fa
    • SHA1: c7aa87546edb8768afae08a3a6f5c30dd1934042
    • SHA256: 63bfe18c23479fb787df25a84cb7e54d76528fdea1532b2b034f00b41b7cc923
    • SHA512: fb59a22784d86bc72f285d6d6ebae433de82e16ed0baa5a5dfb35619559f96977d2b6898b4fa7b5cc85ebebfd1c371b686810518ccc6e90c7a835f033bca6651
    • SSDEEP: 12288:i1Bb9l5UFIM1mKtWJUSw30mav4C5Go8lA2Qp32zYsALPm1ir/khIjuDepZa2RCjt:i1RxkIM1K1q

    Signatures

    • Raccoon: Raccoon is an infostealer written in C++ and first seen in 2019.
    • Blocklisted process makes network request
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks