raccoon | 506da932f06c1b88ddda7133a5a0711254f24dd6d7dd2ecf4ecdd3c4e780a307 | Triage

Sharing

General

Target

Fulll_Version_iSetup.zip
Size

35.4MB
Sample

230421-yrs1qahf62
MD5

1fe9b5742e7afbc73a48f18fa0f479a4
SHA1

32e972167e485ab7ad99cef817eb254dc10c1328
SHA256

506da932f06c1b88ddda7133a5a0711254f24dd6d7dd2ecf4ecdd3c4e780a307
SHA512

f3206994426af4697c991971185a7a81a83cc9cf79d2a3f8287c6f4b85d51da8e7f07f178c8d0e8a2027f121acc36f1a4b842e89f477fe73ec3667ed6a788120
SSDEEP

786432:JhJBDNiplHoEkIlud5hlMeNBplHlZXrJlIjdM1/hVlr9CEtjC8kexfgdkeiePc:9f0HR9lEB1JHr7JoM15VlrgEtSdkebPc

Score

10^/10

raccoon 59b84a5420a33b4e78d2e5edb4d9154b stealer

Malware Config

Extracted

Family

raccoon

Botnet

59b84a5420a33b4e78d2e5edb4d9154b

C2

http://37.220.87.69

http://83.217.11.14

xor.plain

Targets

- Target
  
  iSetup.exe
- Size
  
  963.4MB
- MD5
  
  d9837847dc9af1c9016ef4a0e7b6c6bc
- SHA1
  
  e5f375af44e44274f93b63cc3ce34f6f8c8034dd
- SHA256
  
  7952fc791342a8d11f206c83aa85421fd44fba1e6e5b49dc8a6cec41ac99a475
- SHA512
  
  3b0bc12db0c1920107444623a9782786232cbcc3f9e821f814f2b99e097d7763703d8a11b5f255f91cc3a88049cb3f563ba122367035289299dd90868e74c509
- SSDEEP
  
  393216:QO+o7rCtFOVIu4rLJF7sLL+/A45K2ykhP:mofLCuAkLL+/A6K4B
Score

10^/10

raccoon 59b84a5420a33b4e78d2e5edb4d9154b stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon59b84a5420a33b4e78d2e5edb4d9154bstealer

behavioral2

raccoon59b84a5420a33b4e78d2e5edb4d9154bstealer