raccoon | 933cbc2ce161202631dece41c483c55e7fe46a0211c60276e9f77ddc13cbddbd | Triage

Sharing

General

Target

adbf34a17e486a4e325423ac6e8fecf1.bin
Size

136KB
Sample

230131-kwd6gafg23
MD5

a6d4e837b887b65c7bf4918b57f5cd9a
SHA1

c6312a745c929112d62e6af5ad788626d3cbe9fe
SHA256

933cbc2ce161202631dece41c483c55e7fe46a0211c60276e9f77ddc13cbddbd
SHA512

be346bd595a5895b8ae7d183065bc0febebf7e8f28c006e3b68302a341875a334674151f42f52d91ca6047cee582c11decf1172c1a86ae73e9620045dafec1d5
SSDEEP

3072:49CD3LohGb3gRNDt7v3cktLCqUi6mc8eYWHAYuq9cH/TrjBm:4gD3Lo06Bv3JX6mh4HAC9cH/TrjBm

Score

10^/10

raccoon 96524e21debcf8762d45c72ca23e2ce6 stealer

Malware Config

Extracted

Family

raccoon

Botnet

96524e21debcf8762d45c72ca23e2ce6

C2

http://45.15.156.225/

rc4.plain

Targets

- Target
  
  aa089445af4df7e50055b303e1476d26e6fa9307c84732f23be5b5fa129e2d36.exe
- Size
  
  249KB
- MD5
  
  adbf34a17e486a4e325423ac6e8fecf1
- SHA1
  
  80210bdfd834397c5a2644aef1601a965af0b0f2
- SHA256
  
  aa089445af4df7e50055b303e1476d26e6fa9307c84732f23be5b5fa129e2d36
- SHA512
  
  d1a48945c7c5ba25f9e3b00c06f74690c7470a054eddc029ce67ab772db8c9109cfe0308b1a4a206854bf5494f9eda7ae4fcffd7707d97e0a17ec441022fbd4e
- SSDEEP
  
  3072:9uz7istXgHWJy2b9gx+XCFsr1aUQo8x59nFW15jxxCHfgvEZrYkZ5rDdhMhsby3j:9ufistzFh8UQ/x7FO5+HlhYkf4kL
Score

10^/10

raccoon 96524e21debcf8762d45c72ca23e2ce6 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Blocklisted process makes network request
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

raccoon96524e21debcf8762d45c72ca23e2ce6stealer