General

  • Target

    GIMP_Image_Editor.rar

  • Size

    195KB

  • Sample

    230131-z11mlaad95

  • MD5

    170be680f0c5dc9f7e524bba070b1d38

  • SHA1

    a190a277b3568c37c0776ee53d976f78c0cb5f6e

  • SHA256

    fe7a2837d94ab16dbc0d7684c574324259d9e3a7006df49afab1287683f65231

  • SHA512

    d8e085c8f324b7272734fffaa6e614a566177d029de958490ba6e125b6dc94099790d0598cdce87852636069caa585b71cdde4db6fdb93ef979e4d114c47c5ee

  • SSDEEP

    3072:HOzzVRRo5pQCwLCHICV8LVzFYgMt46IhNmCVzaswxCfVveyj:cVRRuiCwLBw85ptthYyzffVveQ

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    bd2c43e0b868fc0101a29ea7ad50dd38

  • C2

    http://188.34.199.86/

  • rc4.plain

Targets

    • Target

      GIMP_Image_Editor.exe

    • Size

      700.2MB

    • MD5

      6e7818f6c5902684d1ea16df7ee32b9e

    • SHA1

      b541449d13e078a72e8952e0871c47e016f1fde7

    • SHA256

      1a05684f9650eedb9c51a372fcabf5e57f9de114d078fdb8cc944429a07f889b

    • SHA512

      5392d881583b2bd65d22e4db91b296b2211add3daccb5bbd24f288fe1947078ff691e76683cafc47e289003ec369e04932af7b7aecc51fb5fa51042a42fdb9dd

    • SSDEEP

      3072:Wq+Sji9qmSaCTtgEu013CwIWsp3dua+XWmkigRjjaODIGTZqAEsyxvxR+:Rn13ZI9NEW9ig9aODFq6h

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks