raccoon | c724a6d0db0fc68dd52b5379486501afdc97dc8abf1c0e5dcedf86ae8cb3df30 | Triage

Sharing

General

Target

App_Setup.zip
Size

23.5MB
Sample

230408-ag68labb33
MD5

ccfbad9c4275881e695c9cbd748416f3
SHA1

97a977477b35137f4285fdfc6a52b6eb121bcac3
SHA256

c724a6d0db0fc68dd52b5379486501afdc97dc8abf1c0e5dcedf86ae8cb3df30
SHA512

0286fb626198bc37681da54640118cb71c80865126bb5850848ed93a1588301f0e23347ac64595bcf53b3136b113a730facd8bc4daed4b8465af8dc98e831dc6
SSDEEP

393216:vuzw8wpGWB2/KCxbRr3CEJQZDmM8He6gUXIE5wKUEZQOb//cs4WPkws5X8hcvlyI:CwvGWAVx9r3eD78hgA7SaRpsX8hQlyo7

Score

10^/10

raccoon 717609e6131226f92ce8ce08c34305be stealer

Malware Config

Extracted

Family

raccoon

Botnet

717609e6131226f92ce8ce08c34305be

C2

http://37.220.87.66/

xor.plain

Targets

- Target
  
  App_Setup/App_Setup/Setup.exe
- Size
  
  733.1MB
- MD5
  
  d911a481781d164f3c86a7e25ecf0ee2
- SHA1
  
  d68cbecb5795a8c91eea649db944bec35df068ab
- SHA256
  
  9d388feefc4a48dc462cf0e1ac2a38901c74d11e90709fa1d5136fb219a0bd3f
- SHA512
  
  8c043ad5c7a80ccc9fe2f02f37b63b1d9c858e3f8cd7a6742c0cdccd4865ed50d92ea7f91f38c40ec535a84ff915e4c76c4227e76db1999de1866b4b411bdddb
- SSDEEP
  
  393216:Vj+B2lHxU9hyBOTecFVt5zsYpy/Bcqm36a+m:t+UlHxU9hyMjFD5zuBBmF+m
Score

10^/10

raccoon 717609e6131226f92ce8ce08c34305be stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon717609e6131226f92ce8ce08c34305bestealer