raccoon | 98a588f9dd8a084e828cb26d0a710859725869e8b438b79201ce1a508800fc39 | Triage

Sharing

General

Target

98a588f9dd8a084e828cb26d0a710859725869e8b438b79201ce1a508800fc39
Size

186KB
Sample

230511-ka3xpscf23
MD5

170ea3cd14c495010443b45f98027d55
SHA1

eda0de88cb80a413c8ffef547b5394aea793fbc2
SHA256

98a588f9dd8a084e828cb26d0a710859725869e8b438b79201ce1a508800fc39
SHA512

19964c0cb0e4dc02674c7c592b0301f71b5a27f60b5628a44937cfed06d48ed7eb5e46026dd21a1ba5bc17bcb6d00f5f3a20145ce580e0d6377aab72af4fa01e
SSDEEP

3072:yPMpq8utFu6OTIVVmr65cfX/82kgoD0bF1IVxGq:ykd6eI/mr+W1kY1IOq

Score

10^/10

raccoon b11c37ed36597cb6d2adb8b6280a6e12 stealer

Malware Config

Extracted

Family

raccoon

Botnet

b11c37ed36597cb6d2adb8b6280a6e12

C2

http://94.142.138.32

xor.plain

Targets

- Target
  
  98a588f9dd8a084e828cb26d0a710859725869e8b438b79201ce1a508800fc39
- Size
  
  186KB
- MD5
  
  170ea3cd14c495010443b45f98027d55
- SHA1
  
  eda0de88cb80a413c8ffef547b5394aea793fbc2
- SHA256
  
  98a588f9dd8a084e828cb26d0a710859725869e8b438b79201ce1a508800fc39
- SHA512
  
  19964c0cb0e4dc02674c7c592b0301f71b5a27f60b5628a44937cfed06d48ed7eb5e46026dd21a1ba5bc17bcb6d00f5f3a20145ce580e0d6377aab72af4fa01e
- SSDEEP
  
  3072:yPMpq8utFu6OTIVVmr65cfX/82kgoD0bF1IVxGq:ykd6eI/mr+W1kY1IOq
Score

10^/10

raccoon b11c37ed36597cb6d2adb8b6280a6e12 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Blocklisted process makes network request
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoonb11c37ed36597cb6d2adb8b6280a6e12stealer