raccoon | 79def32819cf19e69a73c644a5c910318d8efe56d1103e088d08fb0529ad1a99 | Triage

Sharing

General

Target

c5674099c10fc02100253a248cd1d4f9.bin
Size

192KB
Sample

230514-cc6sdaac93
MD5

5725b529b067a1a5f80784dd8061e037
SHA1

5fb2fa7d40a33cd6111c41fe407b2d486a3add7d
SHA256

79def32819cf19e69a73c644a5c910318d8efe56d1103e088d08fb0529ad1a99
SHA512

c88798c341b16b81d0ccf878f500c8c1d5f7c33a5c80333b1525ed0d6d7df02efc8c27798e19f7a9fdab1e3e338d7b7f7c304b1b2255468ffe649f78cc99ea7b
SSDEEP

6144:NjLVrXnYJuiEMRP2SB3emDlgvhf6/drzYkNh5g8:NjtXnENTRdOqlGhfAd/YkNx

Score

10^/10

raccoon 073a56fe38eae9c7effa31d6284ce988 stealer

Malware Config

Extracted

Family

raccoon

Botnet

073a56fe38eae9c7effa31d6284ce988

C2

http://5.39.117.99/

xor.plain

Targets

- Target
  
  d6832a537c3e0be47b10e40736bed91c4768ace163b110d96c6700aabe6c5fb3.exe
- Size
  
  332KB
- MD5
  
  c5674099c10fc02100253a248cd1d4f9
- SHA1
  
  489a0dc2967bf1e0dd30e984eeaff4cd07ab8dae
- SHA256
  
  d6832a537c3e0be47b10e40736bed91c4768ace163b110d96c6700aabe6c5fb3
- SHA512
  
  4c13a467a70a425d366d94dd2ba45fd8b7f3d12705aea99d418fa76be6d26bf37c6cd5d9363890be7dc69add4ff488aff6a4cdbd346851eea73cae0887d0e4cc
- SSDEEP
  
  6144:xMtTVz4Zwp+e50XrDkodpbMk9d2p8gSqP4p1IOq:MajX2p8gSqO14
Score

10^/10

raccoon 073a56fe38eae9c7effa31d6284ce988 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Blocklisted process makes network request
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

raccoon073a56fe38eae9c7effa31d6284ce988stealer