raccoon | 4c80017f6e220f46a7cc53234e437ca7ba97bc3639cd961dac22040309ba7a70 | Triage

Sharing

General

Target

30e3a74a9d29671b7638499ef5d59053.bin
Size

188KB
Sample

230207-htlfnahh87
MD5

001dfa3d531cae9b1ad7e5f79af74f06
SHA1

f86f546e0b28443f8a316f9f64bfc1fce78538ac
SHA256

4c80017f6e220f46a7cc53234e437ca7ba97bc3639cd961dac22040309ba7a70
SHA512

316b6788eff791344b6163356ff63e7d74890ac47a317fb20235d5f1e772fde60b1bead9b60e2310276fd066c31f17e0864444c05aea766d2ce9537854578329
SSDEEP

3072:iijIM3ZkeUwK/0BY+/djmDVkHeOsUFedlMru7lvfxht6pkFo8EhAMcXH2Bv:ivMpUQZjmj9+ru7lvfxht6pkFoPAD2Bv

Score

10^/10

raccoon 2dbfb7ebbdc8183124d0ac1729de140a stealer

Malware Config

Extracted

Family

raccoon

Botnet

2dbfb7ebbdc8183124d0ac1729de140a

C2

http://45.15.156.62

rc4.plain

Targets

- Target
  
  7daf07f31b4c9a8f7bebdf7cf06c1de2bffcd2df70f675bcc995906054a77177.exe
- Size
  
  408KB
- MD5
  
  30e3a74a9d29671b7638499ef5d59053
- SHA1
  
  2361cc3085465e3d8e632395b8d5a07ea029c028
- SHA256
  
  7daf07f31b4c9a8f7bebdf7cf06c1de2bffcd2df70f675bcc995906054a77177
- SHA512
  
  14f0040df92886d90c277076b9e90c015c2daccfa20f25da84146359eebd8c299d3102593fca0f27053fdf1550afc03ce59381b963e0c887def0ea029abdf09e
- SSDEEP
  
  6144:xLmBZYc9gTIu3mJ4f5PY+fUXxBN0KOUg0QV3fj1wUcw8tx2/kpZOwBuHBTpOdN87:xLGZCTV/qkjJwUcw8D2/k3OH
Score

10^/10

raccoon 2dbfb7ebbdc8183124d0ac1729de140a stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon2dbfb7ebbdc8183124d0ac1729de140astealer

behavioral2

raccoon2dbfb7ebbdc8183124d0ac1729de140astealer