raccoon | 881711145f8f14dd621272bbc95774ceef9d707209d906da0b1a12f8319d16e8 | Triage

Sharing

General

Target

-Setup1_patched.exe
Size

16.1MB
Sample

230421-n1hagafd27
MD5

18a0abe1b5f19e95cc6e1cbf27ac3517
SHA1

7a954568777b54f9e09e5d60715c7737645eafa4
SHA256

881711145f8f14dd621272bbc95774ceef9d707209d906da0b1a12f8319d16e8
SHA512

b52cb41973e2838f8e25c64a0ce0b442b5e65899d032e0ac2f01f179c9365d7348902ad39990e54f318123b4ced92b09a1d996e71cb708f8bbeac68f81212a30
SSDEEP

393216:lZPnL/xPlL3GxIvZBE/oW1BG3TQoVEc6xNSKUffaEIi1:lB5NL37ZBE/oW1ByTTVVKUKUffaEIi

Score

10^/10

raccoon 13718a923845c0cdab8ce45c585b8d63 stealer

Malware Config

Extracted

Family

raccoon

Botnet

13718a923845c0cdab8ce45c585b8d63

C2

http://45.15.156.198/

xor.plain

Targets

- Target
  
  -Setup1_patched.exe
- Size
  
  16.1MB
- MD5
  
  18a0abe1b5f19e95cc6e1cbf27ac3517
- SHA1
  
  7a954568777b54f9e09e5d60715c7737645eafa4
- SHA256
  
  881711145f8f14dd621272bbc95774ceef9d707209d906da0b1a12f8319d16e8
- SHA512
  
  b52cb41973e2838f8e25c64a0ce0b442b5e65899d032e0ac2f01f179c9365d7348902ad39990e54f318123b4ced92b09a1d996e71cb708f8bbeac68f81212a30
- SSDEEP
  
  393216:lZPnL/xPlL3GxIvZBE/oW1BG3TQoVEc6xNSKUffaEIi1:lB5NL37ZBE/oW1ByTTVVKUKUffaEIi
Score

10^/10

raccoon 13718a923845c0cdab8ce45c585b8d63 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon13718a923845c0cdab8ce45c585b8d63stealer

behavioral2

raccoon13718a923845c0cdab8ce45c585b8d63stealer