Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

Setup.exe
Size

464MB
Sample

230201-zldvaaea2t
MD5

b7acc6f593be4c46139172e407cd8a31
SHA1

c5da8ad87b48c9fb91737adcecb96c2b8f080d3f
SHA256

51f5d6c6f04596d1911c8b8c400b4c358f31c24f68e15a88b92532d96350f2b2
SHA512

0462ad8c7da7bad9b9a6e4c1814b12f78c7b927fe29265ef4ae5f7569930aebbe683bad6b206fcea2591b3d37031cf67cef64bdeb5de90edcf92c2caa3894827
SSDEEP

24576:0H/uo6PLM7WzcR9IMfmBm8Cvbgu7hkLXsZyJp:a104RjOt8A86

Score

10^/10

raccoon 697fc5d9af6aa2a29510779d2fc54b97 stealer

Malware Config

Extracted

Family

raccoon

Botnet

697fc5d9af6aa2a29510779d2fc54b97

C2

http://83.217.11.27/

http://83.217.11.28/

rc4.plain

Targets

- Target
  
  Setup.exe
- Size
  
  464MB
- MD5
  
  b7acc6f593be4c46139172e407cd8a31
- SHA1
  
  c5da8ad87b48c9fb91737adcecb96c2b8f080d3f
- SHA256
  
  51f5d6c6f04596d1911c8b8c400b4c358f31c24f68e15a88b92532d96350f2b2
- SHA512
  
  0462ad8c7da7bad9b9a6e4c1814b12f78c7b927fe29265ef4ae5f7569930aebbe683bad6b206fcea2591b3d37031cf67cef64bdeb5de90edcf92c2caa3894827
- SSDEEP
  
  24576:0H/uo6PLM7WzcR9IMfmBm8Cvbgu7hkLXsZyJp:a104RjOt8A86
Score

10^/10

raccoon 697fc5d9af6aa2a29510779d2fc54b97 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

raccoon697fc5d9af6aa2a29510779d2fc54b97stealer

behavioral2

raccoon697fc5d9af6aa2a29510779d2fc54b97stealer