raccoon | e91bc27f4c08a4051bd4b20aeb21a2f58c03b5e07ef7baeca2dfba1ae0bd166e | Triage

Sharing

General

Target

849ca256b617969e263ac005d1657fee.bin
Size

250KB
Sample

230512-b5mdrsbc49
MD5

6a8a26d65a9c31729d6616e6e9017042
SHA1

9906224bc22a26117516f2a518619422a394171b
SHA256

e91bc27f4c08a4051bd4b20aeb21a2f58c03b5e07ef7baeca2dfba1ae0bd166e
SHA512

9fe285862874f2465d57cabdc0920490b14058a9952ce3cb620b4bde94202259d8d42a3138698f2d9f6561db74c484dd82d59b7ee7c3016e5ea12c3a2d55b1ff
SSDEEP

6144:CQi8xqwJA64P2FaJJvTJ4wIUpnb5AELW9k8b4oIfd9:vieqwLaJvSsaJbEfH

Score

10^/10

raccoon b11c37ed36597cb6d2adb8b6280a6e12 stealer

Malware Config

Extracted

Family

raccoon

Botnet

b11c37ed36597cb6d2adb8b6280a6e12

C2

http://94.142.138.32

xor.plain

Targets

- Target
  
  52f7559453685d0c3f7c133af17d39ae40b09f403b792e1065d2529a5b6c3992.exe
- Size
  
  1.1MB
- MD5
  
  849ca256b617969e263ac005d1657fee
- SHA1
  
  429e8f10e14fd11d7b15715689a86b1e4f0275c4
- SHA256
  
  52f7559453685d0c3f7c133af17d39ae40b09f403b792e1065d2529a5b6c3992
- SHA512
  
  f120471e04b0c2312fcb630874d314338e68488512ceeedc260312c4ba570b367f602e44c26a756c64e5f84e75f69c66643433f836a7be481a6e2f2cb74c2dc5
- SSDEEP
  
  6144:EhQs0F6/DrcrgG5WwO4dqAO0y/Qas3CKcgnTIxViT1qH0WUi+gCsoSvi:EhQsP/DrcrgcUGyngTIs1q5boSvi
Score

10^/10

raccoon b11c37ed36597cb6d2adb8b6280a6e12 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

raccoonb11c37ed36597cb6d2adb8b6280a6e12stealer