Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

Notepad_v8.4.1.zip
Size

10MB
Sample

230201-zrghcscb66
MD5

0293796c09ab75efc79907bd86e16d4e
SHA1

7a2168b69c3715c1517959131c6868c76cd2c479
SHA256

09f70fa04cfe8be4dcd2ac58f8c3a8a469f6c70fdf7e236d05cbc9c8c7d40391
SHA512

84a11ac90278cc47c62b6660a264f9d619f49467c3d7d6eb7f98c1a5548409b32845a1a9dd250180f3e6f82e3f9b6eb2ee20bc8fb09499ce40492162683d7d2a
SSDEEP

196608:9ZcHZcEittnpL3qxnSb459dnm5hBdDnPkMB267tybcwkhHOabDzqFIdeFt9Vq:9ZQZGL3RbITQhBdbE6p3wkhHOabDkTXq

Score

10^/10

raccoon 6471658e2f49c08476aafe55fb7366b0 stealer

Malware Config

Extracted

Family

raccoon

Botnet

6471658e2f49c08476aafe55fb7366b0

C2

http://91.234.254.143/

rc4.plain

Targets

- Target
  
  Notepp_v8.4.1.exe
- Size
  
  726MB
- MD5
  
  b965849f9cb7a5682f7360e2e11e18a7
- SHA1
  
  701c9f5c440ba3d66ed2cb811fdf0d70bbb3c752
- SHA256
  
  4550a980c9d26b4d8bca56554cf8306035a2f11f008eafe441443eb917f38234
- SHA512
  
  fa0c506896aa63aef8b2d0092d5ee8bdbaf28f2fa8f01231bcbe98d11b75216583932dcd0761489e499fefe79d4acbe347197f63fb8bc96c922986f5620fb3f3
- SSDEEP
  
  98304:1ebHh5VT5R7wi9co9645B6zQji648PJQ/2uypUJM2SBBbQc0s01aNG6mXh23ViV/:UbHh5h5Fb9cOX6GPJe5yCOnXNhmx2S/
Score

10^/10

raccoon 6471658e2f49c08476aafe55fb7366b0 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

behavioral2

raccoon6471658e2f49c08476aafe55fb7366b0stealer