raccoon | 268cf23292607f43072b3b186e17e278ec7bd03055c3903a14f4a82b5b92d1a5 | Triage

Resubmissions

21-05-2023 06:27

230521-g74zgsge82 10

15-05-2023 13:31

230515-qsdnesdh9y 10

Sharing

General

Target

file.exe
Size

2.3MB
Sample

230515-qsdnesdh9y
MD5

dfcd8af092a651342c318ecd8e1b896a
SHA1

e62769eb2b5028591cdd90fdede21951cbee5f22
SHA256

268cf23292607f43072b3b186e17e278ec7bd03055c3903a14f4a82b5b92d1a5
SHA512

8252c7f37d56e39be822f1b55718dabfaa78b4ef24bdb5ee49de24b901c19fbb853221aa5b2fc2016118905cc793d945f6630bc480a7d9998faea1d93f409c21
SSDEEP

24576:eM46r2Y7Yjc/snfvMLx2Quq0QOlAYpEgOlJoLlj1HpZDll3RuQ55313u:eM46+lAYpEgOlJoTll3A

Score

10^/10

raccoon 94c54520400750937a6f1bf6044f8667 stealer

Malware Config

Extracted

Family

raccoon

Botnet

94c54520400750937a6f1bf6044f8667

C2

http://194.37.80.221/

xor.plain

Targets

- Target
  
  file.exe
- Size
  
  2.3MB
- MD5
  
  dfcd8af092a651342c318ecd8e1b896a
- SHA1
  
  e62769eb2b5028591cdd90fdede21951cbee5f22
- SHA256
  
  268cf23292607f43072b3b186e17e278ec7bd03055c3903a14f4a82b5b92d1a5
- SHA512
  
  8252c7f37d56e39be822f1b55718dabfaa78b4ef24bdb5ee49de24b901c19fbb853221aa5b2fc2016118905cc793d945f6630bc480a7d9998faea1d93f409c21
- SSDEEP
  
  24576:eM46r2Y7Yjc/snfvMLx2Quq0QOlAYpEgOlJoLlj1HpZDll3RuQ55313u:eM46+lAYpEgOlJoTll3A
Score

10^/10

raccoon 94c54520400750937a6f1bf6044f8667 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon94c54520400750937a6f1bf6044f8667stealer

behavioral2

raccoon94c54520400750937a6f1bf6044f8667stealer