raccoon | 5e2e0fc2557c1471e5fda621f70cc560b1a589d7e91479cced85ca3c36830f8f | Triage

Sharing

General

Target

Open_Setup_Use_2023_As_PassWord.rar
Size

17.7MB
Sample

230510-16bfbscc7s
MD5

ec63229d00684415d591cef854167dd2
SHA1

73afa5c05b2cb0c3a9d0ca279e610f24c10968b5
SHA256

5e2e0fc2557c1471e5fda621f70cc560b1a589d7e91479cced85ca3c36830f8f
SHA512

9b3541f4d9eb6d7a54a37371492e559cbe1281f79d042829a60f2a96148762361ea33e6030574433153025c964956cface47bdcc6f4130e53973081d33bf507b
SSDEEP

393216:uaMZMSMm7fFnlDU6iqvz0DVjzeqDJdQIWOgSn5xMuortdTKX7Ev7QPXYVqbJ:uaClf/w6h709RDJxL5GsI7QgAl

Score

10^/10

raccoon 8ed6e26daba8160b1050248b4a36291b stealer

Malware Config

Extracted

Family

raccoon

Botnet

8ed6e26daba8160b1050248b4a36291b

C2

http://37.220.87.69

http://83.217.11.13

http://94.142.138.126/

xor.plain

Targets

- Target
  
  Open_Setup_Use_2023_As_PassWord.rar
- Size
  
  17.7MB
- MD5
  
  ec63229d00684415d591cef854167dd2
- SHA1
  
  73afa5c05b2cb0c3a9d0ca279e610f24c10968b5
- SHA256
  
  5e2e0fc2557c1471e5fda621f70cc560b1a589d7e91479cced85ca3c36830f8f
- SHA512
  
  9b3541f4d9eb6d7a54a37371492e559cbe1281f79d042829a60f2a96148762361ea33e6030574433153025c964956cface47bdcc6f4130e53973081d33bf507b
- SSDEEP
  
  393216:uaMZMSMm7fFnlDU6iqvz0DVjzeqDJdQIWOgSn5xMuortdTKX7Ev7QPXYVqbJ:uaClf/w6h709RDJxL5GsI7QgAl
Score

10^/10

raccoon 8ed6e26daba8160b1050248b4a36291b stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon8ed6e26daba8160b1050248b4a36291bstealer

behavioral2

raccoon8ed6e26daba8160b1050248b4a36291bstealer