raccoon | 645f292da50497c32a14e01500d96a6e454ae239260e60d7170d8d7b37d8686c | Triage

Sharing

General

Target

645F292DA50497C32A14E01500D96A6E454AE239260E6.exe
Size

2.0MB
Sample

230415-g1f9vaeg7x
MD5

af94fda658c699f0002974accf3ca965
SHA1

adf0d20c4ec52bf085a3c2a0a8973d696fdb0120
SHA256

645f292da50497c32a14e01500d96a6e454ae239260e60d7170d8d7b37d8686c
SHA512

744c0b1b3c55c240592a1e11e63a7f9a5ec45cc80a3a149948d6df8d6d5e9c0810140be6bbc601ddd76d43d766e0938b4236a1687800298fad4b86c025ec40f2
SSDEEP

24576:25t+8xe3Z6CuamiqLxaXH8/ZNytGQeXXUszle:n8gpMgqhyt+Usz

Score

10^/10

raccoon e94e53bd0addbab49f4f9b2013c1a228 stealer

Malware Config

Extracted

Family

raccoon

Botnet

e94e53bd0addbab49f4f9b2013c1a228

C2

http://64.227.42.50/

xor.plain

Targets

- Target
  
  645F292DA50497C32A14E01500D96A6E454AE239260E6.exe
- Size
  
  2.0MB
- MD5
  
  af94fda658c699f0002974accf3ca965
- SHA1
  
  adf0d20c4ec52bf085a3c2a0a8973d696fdb0120
- SHA256
  
  645f292da50497c32a14e01500d96a6e454ae239260e60d7170d8d7b37d8686c
- SHA512
  
  744c0b1b3c55c240592a1e11e63a7f9a5ec45cc80a3a149948d6df8d6d5e9c0810140be6bbc601ddd76d43d766e0938b4236a1687800298fad4b86c025ec40f2
- SSDEEP
  
  24576:25t+8xe3Z6CuamiqLxaXH8/ZNytGQeXXUszle:n8gpMgqhyt+Usz
Score

10^/10

raccoon e94e53bd0addbab49f4f9b2013c1a228 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoone94e53bd0addbab49f4f9b2013c1a228stealer

behavioral2

raccoone94e53bd0addbab49f4f9b2013c1a228stealer