raccoon | 172513e34579c0446c9bf926fb61855f49ba820905e932e71e34c222e5d1b489 | Triage

Submit
Reports

Overview

overview

Static

static

1

99605ed7f9...46.exe

windows7-x64

7

99605ed7f9...46.exe

windows10-2004-x64

Sharing

General

Target

99605ed7f961e53c2d4c0b2510431a46
Size

1.4MB
Sample

230320-h9fv4sed31
MD5

99605ed7f961e53c2d4c0b2510431a46
SHA1

61fc148bcd1afc7e4eb0e8d934bf09aa64d5095b
SHA256

172513e34579c0446c9bf926fb61855f49ba820905e932e71e34c222e5d1b489
SHA512

40ad646f2c0063a780401529756260fc2fc209361e072dc929c8293e3e03da2ccd8e432d924761751d55ed86e9cdf16fc7f0e8d409982c7e70bb68c457be856e
SSDEEP

24576:BWmAFubS4dzvikB3UbqeYIAmQHwVVnCNxXmBDGWa7Wqw7LUjF+8tIUqb:124d3B3MXXAmQHaVwxWBDG57IWF5tIP

Score

10^/10

raccoon 1891f3242f2b04de4a644729c3a34570 stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

99605ed7f961e53c2d4c0b2510431a46.exe

Resource

win7-20230220-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

99605ed7f961e53c2d4c0b2510431a46.exe

Resource

win10v2004-20230220-en

raccoon 1891f3242f2b04de4a644729c3a34570 stealer upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

1891f3242f2b04de4a644729c3a34570

C2

http://89.185.85.248/

rc4.plain

Targets

- Target
  
  99605ed7f961e53c2d4c0b2510431a46
- Size
  
  1.4MB
- MD5
  
  99605ed7f961e53c2d4c0b2510431a46
- SHA1
  
  61fc148bcd1afc7e4eb0e8d934bf09aa64d5095b
- SHA256
  
  172513e34579c0446c9bf926fb61855f49ba820905e932e71e34c222e5d1b489
- SHA512
  
  40ad646f2c0063a780401529756260fc2fc209361e072dc929c8293e3e03da2ccd8e432d924761751d55ed86e9cdf16fc7f0e8d409982c7e70bb68c457be856e
- SSDEEP
  
  24576:BWmAFubS4dzvikB3UbqeYIAmQHwVVnCNxXmBDGWa7Wqw7LUjF+8tIUqb:124d3B3MXXAmQHaVwxWBDG57IWF5tIP
Score

10^/10

upx raccoon 1891f3242f2b04de4a644729c3a34570 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

raccoon1891f3242f2b04de4a644729c3a34570stealerupx

© 2018-2025

Terms | Privacy