raccoon | 6e80a4fc6708c4afd1992257a56f2060a4d3ec0d03076c8e4644f86d6bdb37cb | Triage

Sharing

General

Target

FullVersionG5_Setup_2023_As_PassKey.rar
Size

19.5MB
Sample

230406-2a95fshc9z
MD5

325269d3b8c7c2057812eded13784d47
SHA1

bc8acc9988dde2f8691ea4de439701d590880cf3
SHA256

6e80a4fc6708c4afd1992257a56f2060a4d3ec0d03076c8e4644f86d6bdb37cb
SHA512

7c49de177716f863ade22672cd46cdc3a733949471ea663d19ab16720bf079f00f93d4b8d0a6c0c8e278e617b4472ca16115f71ce47fcaf08965c1a4babb319e
SSDEEP

393216:uh7aPjot+wiTtIyio6OnwFzi6gQbXULHWqgh4MCvQjw7mhr:OaPsMwkGyi5KFvxtghcQjWmN

Score

10^/10

raccoon 13718a923845c0cdab8ce45c585b8d63 stealer

Malware Config

Extracted

Family

raccoon

Botnet

13718a923845c0cdab8ce45c585b8d63

C2

http://45.15.156.143/

xor.plain

Targets

- Target
  
  FullVersionG5_Setup_2023_As_PassKey.rar
- Size
  
  19.5MB
- MD5
  
  325269d3b8c7c2057812eded13784d47
- SHA1
  
  bc8acc9988dde2f8691ea4de439701d590880cf3
- SHA256
  
  6e80a4fc6708c4afd1992257a56f2060a4d3ec0d03076c8e4644f86d6bdb37cb
- SHA512
  
  7c49de177716f863ade22672cd46cdc3a733949471ea663d19ab16720bf079f00f93d4b8d0a6c0c8e278e617b4472ca16115f71ce47fcaf08965c1a4babb319e
- SSDEEP
  
  393216:uh7aPjot+wiTtIyio6OnwFzi6gQbXULHWqgh4MCvQjw7mhr:OaPsMwkGyi5KFvxtghcQjWmN
Score

10^/10

raccoon 13718a923845c0cdab8ce45c585b8d63 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon13718a923845c0cdab8ce45c585b8d63stealer

behavioral2

raccoon13718a923845c0cdab8ce45c585b8d63stealer