Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

Setup.zip
Size

7MB
Sample

230202-pzp5csac6z
MD5

47976ffa51531a891c436cfb7f137376
SHA1

0c489efed45a300f8ed2910e977bbb6c4ca78f4f
SHA256

8e21b9bb89ed04bc117e6a05738ddb265753d062cd5c1c6d26273ff158f02485
SHA512

be73736b2d1897f77beb397398b0205658a24e5a620d7bd36004eb877d75f609a748972044406769fc78ec4f1651e8b59e4d3081627170ba45f8d99431773794
SSDEEP

98304:1mKL8zReaNRnGrJYzqaBXogUO6v4AQvlsMvjf4VPRs6BZSrtP+ksennd0crKzAUt:4ayQkZ5MOd7vrvjQ/XZSrtP+k5nizy4V

Score

10^/10

raccoon 0eceb3d1f21f3ea1b454c7f4a9867731 stealer

Malware Config

Extracted

Family

raccoon

Botnet

0eceb3d1f21f3ea1b454c7f4a9867731

C2

http://146.70.86.11/

http://69.46.15.158/

rc4.plain

Targets

- Target
  
  Setup.exe
- Size
  
  726MB
- MD5
  
  e947e10d9a4b2aaccddc84e2393f9404
- SHA1
  
  d3efd66c182ddd02c11fc753aa6d8a8842ab1b4e
- SHA256
  
  76b810acad15caa149bf44aaf25d8acaec813fca01ee0dc01e815368de2b5664
- SHA512
  
  e115cbf67e65dc1a8febb62f633fb04b88a2a02ea472c4431f0f7d62385eed3daf989419021c201f6903b23fb311e57d16d22f4e295130f36eb67701b4428790
- SSDEEP
  
  98304:7dEPYMOo5jW4WF7KhlKBLaNi54hqjzB0gbY+ApQJMQZCWpn4XAWwLYOgLe89i:KPYMVna7GK6i54hqjqmA6dn4XA9YO8dc
Score

10^/10

raccoon 0eceb3d1f21f3ea1b454c7f4a9867731 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

behavioral2

raccoon0eceb3d1f21f3ea1b454c7f4a9867731stealer