Overview

overview

10

Static

static

1

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Use_54321_As_Pass.rar

  • Size

    2MB

  • Sample

    230202-vxajsadc84

  • MD5

    81a0d2d1981579eef73a92a9e17872c1

  • SHA1

    a84c2099e6bbcb1120bf5ae243fdf96bd3847fb0

  • SHA256

    9492642ad34ae6774b07ed2f5835ca95d2b4d555bb17afa090de9cd5965cb41d

  • SHA512

    2f0e7cad2ef45e825364a11fb5e8707c34e28a80b7a1c85dba6f346a0f3175eaf405970a52f2e8615129272bdf992bb4be2a066c5c3ecc9613ff740de47dfea1

  • SSDEEP

    49152:j7mFF+J6ia/RGbZdzzQQ+O+3eqjTTVY38wVKM1+hjUCLgsR:wF+PECz+Reqj3CskKMsJ5x

Score
10/10
raccoon697fc5d9af6aa2a29510779d2fc54b97stealer

Malware Config

Extracted

Family

raccoon

Botnet

697fc5d9af6aa2a29510779d2fc54b97

C2

http://83.217.11.27/

http://83.217.11.28/

rc4.plain

Targets

    • Target

      Setup.exe

    • Size

      464MB

    • MD5

      b7acc6f593be4c46139172e407cd8a31

    • SHA1

      c5da8ad87b48c9fb91737adcecb96c2b8f080d3f

    • SHA256

      51f5d6c6f04596d1911c8b8c400b4c358f31c24f68e15a88b92532d96350f2b2

    • SHA512

      0462ad8c7da7bad9b9a6e4c1814b12f78c7b927fe29265ef4ae5f7569930aebbe683bad6b206fcea2591b3d37031cf67cef64bdeb5de90edcf92c2caa3894827

    • SSDEEP

      24576:0H/uo6PLM7WzcR9IMfmBm8Cvbgu7hkLXsZyJp:a104RjOt8A86

    Score
    10/10
    raccoon697fc5d9af6aa2a29510779d2fc54b97stealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

            Execution

              Exfiltration

                Impact

                  Initial Access

                    Lateral Movement

                      Persistence

                        Privilege Escalation

                          Tasks