General

  • Target

    c5674099c10fc02100253a248cd1d4f9.bin

  • Size

    192KB

  • Sample

    230514-cc6sdaac93

  • MD5

    5725b529b067a1a5f80784dd8061e037

  • SHA1

    5fb2fa7d40a33cd6111c41fe407b2d486a3add7d

  • SHA256

    79def32819cf19e69a73c644a5c910318d8efe56d1103e088d08fb0529ad1a99

  • SHA512

    c88798c341b16b81d0ccf878f500c8c1d5f7c33a5c80333b1525ed0d6d7df02efc8c27798e19f7a9fdab1e3e338d7b7f7c304b1b2255468ffe649f78cc99ea7b

  • SSDEEP

    6144:NjLVrXnYJuiEMRP2SB3emDlgvhf6/drzYkNh5g8:NjtXnENTRdOqlGhfAd/YkNx

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    073a56fe38eae9c7effa31d6284ce988

  • C2

    http://5.39.117.99/

  • xor.plain

Targets

    • Target

      d6832a537c3e0be47b10e40736bed91c4768ace163b110d96c6700aabe6c5fb3.exe

    • Size

      332KB

    • MD5

      c5674099c10fc02100253a248cd1d4f9

    • SHA1

      489a0dc2967bf1e0dd30e984eeaff4cd07ab8dae

    • SHA256

      d6832a537c3e0be47b10e40736bed91c4768ace163b110d96c6700aabe6c5fb3

    • SHA512

      4c13a467a70a425d366d94dd2ba45fd8b7f3d12705aea99d418fa76be6d26bf37c6cd5d9363890be7dc69add4ff488aff6a4cdbd346851eea73cae0887d0e4cc

    • SSDEEP

      6144:xMtTVz4Zwp+e50XrDkodpbMk9d2p8gSqP4p1IOq:MajX2p8gSqO14

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Blocklisted process makes network request

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
