raccoon | d1f18418cf400611f34742856d30295d09119e7cc35ac894b95c76fc0c7fb929 | Triage

Sharing

General

Target

18a0abe1b5f19e95cc6e1cbf27ac3517.bin
Size

15.7MB
Sample

230423-bgh2fahh48
MD5

81e865039715a0c89f47b5019f0c1d2e
SHA1

2c5cbafc074fcf8c16193b3dd7a50d5c95149b79
SHA256

d1f18418cf400611f34742856d30295d09119e7cc35ac894b95c76fc0c7fb929
SHA512

5ba058852e835cab5eb00547090f068d15a219ac8f189b4cfb1e6c62b6000b5888389f3551bc33c80e58ba0a9b6e5d44b78d218d488a83771d7e50a2b1ba5f73
SSDEEP

393216:o3xlAZm7sHdCsrecSBzITj03aH3iGqQj/YvhH8xY687NxKbHm:o3x+Z6s9HSc8Io+i7Av8RUbm

Score

10^/10

raccoon 13718a923845c0cdab8ce45c585b8d63 stealer

Malware Config

Extracted

Family

raccoon

Botnet

13718a923845c0cdab8ce45c585b8d63

C2

http://45.15.156.198/

xor.plain

Targets

- Target
  
  881711145f8f14dd621272bbc95774ceef9d707209d906da0b1a12f8319d16e8.exe
- Size
  
  16.1MB
- MD5
  
  18a0abe1b5f19e95cc6e1cbf27ac3517
- SHA1
  
  7a954568777b54f9e09e5d60715c7737645eafa4
- SHA256
  
  881711145f8f14dd621272bbc95774ceef9d707209d906da0b1a12f8319d16e8
- SHA512
  
  b52cb41973e2838f8e25c64a0ce0b442b5e65899d032e0ac2f01f179c9365d7348902ad39990e54f318123b4ced92b09a1d996e71cb708f8bbeac68f81212a30
- SSDEEP
  
  393216:lZPnL/xPlL3GxIvZBE/oW1BG3TQoVEc6xNSKUffaEIi1:lB5NL37ZBE/oW1ByTTVVKUKUffaEIi
Score

10^/10

raccoon 13718a923845c0cdab8ce45c585b8d63 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon13718a923845c0cdab8ce45c585b8d63stealer

behavioral2

raccoon13718a923845c0cdab8ce45c585b8d63stealer