raccoon | 054888dc2214982e2c8204d6b304c7d719f1f221afc9dfcc65dd941d4028a332 | Triage

Sharing

General

Target

c67b980d4c9a5653c627558ae7d16870f545456a
Size

520KB
Sample

230131-p7fkwsgd87
MD5

c0179ae2f540610782ddcefa56a7c512
SHA1

c67b980d4c9a5653c627558ae7d16870f545456a
SHA256

054888dc2214982e2c8204d6b304c7d719f1f221afc9dfcc65dd941d4028a332
SHA512

d7f052144846f9554139e9a0697ff0e7009ced6f67eefaf5b91c99bd783401f99d7941a31490a91007ce00fedca6eac2f15591c661dab8e423799f55f5246b0c
SSDEEP

6144:dYb3Yp1p/5R04X65ml66joPiMtTHt2erzXwixmkGLAIBch6dB7FWKkAl7zGihJYl:1p/5R0g6QwlJRGLAIBcosKn7SE1

Score

10^/10

raccoon ff85621b9b7e77782fcfd9e75aa2a3e1 stealer

Malware Config

Extracted

Family

raccoon

Botnet

ff85621b9b7e77782fcfd9e75aa2a3e1

C2

http://80.85.139.245/

rc4.plain

Targets

- Target
  
  c67b980d4c9a5653c627558ae7d16870f545456a
- Size
  
  520KB
- MD5
  
  c0179ae2f540610782ddcefa56a7c512
- SHA1
  
  c67b980d4c9a5653c627558ae7d16870f545456a
- SHA256
  
  054888dc2214982e2c8204d6b304c7d719f1f221afc9dfcc65dd941d4028a332
- SHA512
  
  d7f052144846f9554139e9a0697ff0e7009ced6f67eefaf5b91c99bd783401f99d7941a31490a91007ce00fedca6eac2f15591c661dab8e423799f55f5246b0c
- SSDEEP
  
  6144:dYb3Yp1p/5R04X65ml66joPiMtTHt2erzXwixmkGLAIBch6dB7FWKkAl7zGihJYl:1p/5R0g6QwlJRGLAIBcosKn7SE1
Score

10^/10

raccoon ff85621b9b7e77782fcfd9e75aa2a3e1 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Blocklisted process makes network request
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

raccoonff85621b9b7e77782fcfd9e75aa2a3e1stealer