raccoon | d89661cd71c3e3f7f74e181edf0353e8a62cca1221d6d38a01ccdd61129d7249 | Triage

Sharing

General

Target

trrr.zip
Size

12.8MB
Sample

230404-g85x6sfb5s
MD5

c4145100c16b081164009577da27a092
SHA1

878125572e6c466ae05972f4e79b8ba0ecd22b85
SHA256

d89661cd71c3e3f7f74e181edf0353e8a62cca1221d6d38a01ccdd61129d7249
SHA512

59c16725740cbdedc1b19c313548f540e8a091ea586146313be63d6a1c1195e93c8284f8c4f88f5ad00f4565de761e41aacfd8a0e81c2c664e7a073d9b32b873
SSDEEP

196608:ZCc7a5yPdmizLbIIFijpO55lOb8FPH8JJa7cV89cB23RbFnJ12GAjJ0WdSb1mnXK:QW4y1z1FFU8tcPaIVAcEVFnJ1Npk6

Score

10^/10

raccoon 717609e6131226f92ce8ce08c34305be stealer

Malware Config

Extracted

Family

raccoon

Botnet

717609e6131226f92ce8ce08c34305be

C2

http://37.220.87.66/

rc4.plain

Targets

- Target
  
  trrr.exe
- Size
  
  13.1MB
- MD5
  
  72066f969e998d032d33e1ccc402c4fb
- SHA1
  
  6496b013fa2ea1fb5b29d59c757c1297e79be4ef
- SHA256
  
  532fd449b9bdf63d81f3a19c1bbae99b24f12a2714f1ba9ddd6b514d595677c2
- SHA512
  
  19169c15acb442a96fd0ece2825160acc235f353c1a25c7b3245fa437af7afefbd0a85f004eb8889b3f2fb1c91629752b33b7536bf9af2a0e96e2e87cca2579b
- SSDEEP
  
  393216:Vj+B2lHxU9hyBOTecFVt5zsYpy/Bcqm36a+:t+UlHxU9hyMjFD5zuBBmF+
Score

10^/10

raccoon 717609e6131226f92ce8ce08c34305be stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon717609e6131226f92ce8ce08c34305bestealer

behavioral2

raccoon717609e6131226f92ce8ce08c34305bestealer