raccoon | c5402ac75a86dc37508a502662ba0d6af32b81d570c86067da9ec695718c8ef9 | Triage

Resubmissions

08-04-2023 01:15

230408-bmcrlsdc6z 10

08-04-2023 01:14

230408-blpd1sdc6y 3

08-04-2023 01:11

230408-bkfeqadc6t 3

Sharing

General

Target

SoftwareSetup.rar
Size

31.4MB
Sample

230408-bmcrlsdc6z
MD5

047099eac98bee7e4d6197644bebe398
SHA1

104638640b363dc997638e0106ff83b86b9f87ee
SHA256

c5402ac75a86dc37508a502662ba0d6af32b81d570c86067da9ec695718c8ef9
SHA512

55c432feaa7e14584f5a007225831df181a1688068b502d6028e90f58841256ad70fb0fc3cc863f75dadcfd139dee62406bda34ba220602324d4483e00eb9184
SSDEEP

786432:b4cD8XDwz1tAUfsLllihvBCCKAduhYem2XM/cty9XAkj3:buwbsLihvBCtMbr2X+ctWQkj

Score

10^/10

raccoon ee2a3d190100b91c20d8bc284238dda6 stealer

Malware Config

Extracted

Family

raccoon

Botnet

ee2a3d190100b91c20d8bc284238dda6

C2

http://45.15.156.144/

xor.plain

Targets

- Target
  
  SoftwareSetup.rar
- Size
  
  31.4MB
- MD5
  
  047099eac98bee7e4d6197644bebe398
- SHA1
  
  104638640b363dc997638e0106ff83b86b9f87ee
- SHA256
  
  c5402ac75a86dc37508a502662ba0d6af32b81d570c86067da9ec695718c8ef9
- SHA512
  
  55c432feaa7e14584f5a007225831df181a1688068b502d6028e90f58841256ad70fb0fc3cc863f75dadcfd139dee62406bda34ba220602324d4483e00eb9184
- SSDEEP
  
  786432:b4cD8XDwz1tAUfsLllihvBCCKAduhYem2XM/cty9XAkj3:buwbsLihvBCtMbr2X+ctWQkj
Score

10^/10

raccoon ee2a3d190100b91c20d8bc284238dda6 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoonee2a3d190100b91c20d8bc284238dda6stealer