raccoon | ec795dcd6193bd3deb2a005c4b0a6f62a459c459424fe5418971d79660cb9db5 | Triage

Sharing

General

Target

FileNew_Setup_Full_Version.rar
Size

16.1MB
Sample

230415-3stqvshg7v
MD5

5511ee069fcf49e829ad3178b7eeefe8
SHA1

3cd85861cbc0e19fc0fdc3da830db9b07cbbeff4
SHA256

ec795dcd6193bd3deb2a005c4b0a6f62a459c459424fe5418971d79660cb9db5
SHA512

4a92530f59be15779723c4ef1b2ca177799bd31d31245d4232ff5f5a007c69e2971046b13271c59adf9037a0dc76a5cd12143c93db36c99173b5f3a9333c89a8
SSDEEP

393216:BzmGzTw438izXWfp36leXHeNphJfSvzA8GWmSXPrkXBmfc:BHfwKap36EurhJfSrHmuNc

Score

10^/10

raccoon 13718a923845c0cdab8ce45c585b8d63 stealer

Malware Config

Extracted

Family

raccoon

Botnet

13718a923845c0cdab8ce45c585b8d63

C2

http://45.15.156.198/

xor.plain

Targets

- Target
  
  FileNew_Setup_Full_Version.rar
- Size
  
  16.1MB
- MD5
  
  5511ee069fcf49e829ad3178b7eeefe8
- SHA1
  
  3cd85861cbc0e19fc0fdc3da830db9b07cbbeff4
- SHA256
  
  ec795dcd6193bd3deb2a005c4b0a6f62a459c459424fe5418971d79660cb9db5
- SHA512
  
  4a92530f59be15779723c4ef1b2ca177799bd31d31245d4232ff5f5a007c69e2971046b13271c59adf9037a0dc76a5cd12143c93db36c99173b5f3a9333c89a8
- SSDEEP
  
  393216:BzmGzTw438izXWfp36leXHeNphJfSvzA8GWmSXPrkXBmfc:BHfwKap36EurhJfSrHmuNc
Score

10^/10

raccoon 13718a923845c0cdab8ce45c585b8d63 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

raccoon13718a923845c0cdab8ce45c585b8d63stealer

behavioral2

raccoon13718a923845c0cdab8ce45c585b8d63stealer