raccoon | 9dfbd450c6a2ee41cc9c41fc7b14482ade86ae616e653f86b99c5364a3c8a29e | Triage

Sharing

General

Target

Pass_1234_Setup.rar
Size

12.7MB
Sample

230521-y9ynxscc62
MD5

d2bbda42aff1c2c60e7e069b253a6054
SHA1

232d900184e86da2ba8dea5d9c0a0214d07281bc
SHA256

9dfbd450c6a2ee41cc9c41fc7b14482ade86ae616e653f86b99c5364a3c8a29e
SHA512

a6a5956edde1dd83f385a5d2d1a7004a0c5fe85052401d377e455dc4ce6d052ddf6b20a8b73359ac3d8626c278791c220df0c19374239f144c3e1be04a60db1a
SSDEEP

196608:EQBj1xPri7VOgSvAs/HxWx4jHP1nbzCSb8MChjkCcjrsUf7U5vJ7ANO2XBaF:EA1xriBZS5xWxQpbMhjBsrsUf7ARMOhF

Score

10^/10

raccoon 050dad105856ba55897f2cb8fb7dd979 stealer

Malware Config

Extracted

Family

raccoon

Botnet

050dad105856ba55897f2cb8fb7dd979

C2

http://94.142.138.174/

xor.plain

Targets

- Target
  
  Setup.exe
- Size
  
  20.3MB
- MD5
  
  4213964177b76ed3c80ae916846c52d1
- SHA1
  
  cbcef61bdcc3ba07bdb0c05c7560ddd2ede4218b
- SHA256
  
  5dbfdda6d49989ea02876732fe870a0f8228790a1649af363c1892833339e922
- SHA512
  
  15bfc090dff694ea9cff3b8c09cc2e18e9b35f069aba27b7bae95887a0f072106f7edebeba3a8fd483d1b118e54b16be3c2819032099b0c460fa64c191fa55fd
- SSDEEP
  
  393216:SR97H7lH5xjn/MxCvBIxiCNmzhaAgtHzGp:S/7N5l0wvyxiCNegq
Score

10^/10

raccoon 050dad105856ba55897f2cb8fb7dd979 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon050dad105856ba55897f2cb8fb7dd979stealer

behavioral2

raccoon050dad105856ba55897f2cb8fb7dd979stealer