raccoon | 45b55efeb41ae81ede9172ddd4a9bfaf5565fdfb5de32b9697491260e13aed2d | Triage

Sharing

General

Target

SoftWare.rar
Size

156.8MB
Sample

230424-yshalsga4y
MD5

974d9609f990a99d1a5861d6efbd6a15
SHA1

ae89d62707f67aee8c8becde380a5272046f4139
SHA256

45b55efeb41ae81ede9172ddd4a9bfaf5565fdfb5de32b9697491260e13aed2d
SHA512

85345503c7fa468965e0bb0c8d2943259ff8da2a3d7e0f55ceaa10505c48f3691e9fd4866bbb925961227695164e8bfe959ab9d7f59696779878c7a5bbfcf47a
SSDEEP

3145728:7uYlfL1YonJocm2Kg/4g8wzB2nDTVPiRc/UOK+Jb7pZwXit3ldSvwAdUAKRAaR9r:KYFnGN2Ld8wzcDhPiyU47JtTSvwAifRz

Score

10^/10

raccoon 717609e6131226f92ce8ce08c34305be stealer

Malware Config

Extracted

Family

raccoon

Botnet

717609e6131226f92ce8ce08c34305be

C2

http://37.220.87.66/

xor.plain

Targets

- Target
  
  SoftWare/Setup.exe
- Size
  
  879.2MB
- MD5
  
  aeeb4a7a298311c5036bd57eefef24ff
- SHA1
  
  327687c80164354afe2530af100ec8b448baa80d
- SHA256
  
  1c0bf59fe9f8b5a9119582f7cf10b023b891955e83c8dedaf3d4ed7a5c49bddc
- SHA512
  
  2023e039066894e0095a675729a0c232e47f9b26c84b19abfa3a4a44f0f72ce0c6fd14af7b61a50826af124a92f1e93e5a0446c94ff0773c955da834c080523d
- SSDEEP
  
  196608:A0RgGF79cVhrirDBFsYPVM6TWn7/m80aslB4ZJdDhpp0Bz6P2fAz1TPTYEtm96mj:XycYIDBKl7O80zlgJpJ0BI2fU3X0Dj
Score

10^/10

raccoon 717609e6131226f92ce8ce08c34305be stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon717609e6131226f92ce8ce08c34305bestealer

behavioral2

raccoon717609e6131226f92ce8ce08c34305bestealer