raccoon | 6c8a2cea4dbf018262fc7ccf569de510c0a58612806a2be73a68d82f7b05d1c1 | Triage

Sharing

General

Target

6c8a2cea4dbf018262fc7ccf569de510c0a58612806a2be73a68d82f7b05d1c1
Size

3.4MB
Sample

230612-3jvlsseb65
MD5

a8c1f96c58503a9c766c7ed239263260
SHA1

37069d83d46b51baceb396c1947891e3974e7594
SHA256

6c8a2cea4dbf018262fc7ccf569de510c0a58612806a2be73a68d82f7b05d1c1
SHA512

c52b7dd8b56f955f8d88380d718045a02cbd7832caff6941e611465ef54cc8dad680055d9d2abdf27e5d354ebd079547e53ceb8f56e74678b999e0185969cb35
SSDEEP

49152:i+vDJjWt5tw0YCFs7JojDRmrlOt9lSyA8a0c1bEP0EDrmLKW2l6a77Z:i+vDJjWt5tRYTUe0fJKJbpKWi1

Score

10^/10

raccoon f80018d0f7c5463eabb5c698eb201532 stealer

Malware Config

Extracted

Family

raccoon

Botnet

f80018d0f7c5463eabb5c698eb201532

C2

http://5.42.65.18:80/

http://5.42.64.13:80/

http://5.42.65.17:80/

http://5.42.65.12:80/

xor.plain

Targets

- Target
  
  6c8a2cea4dbf018262fc7ccf569de510c0a58612806a2be73a68d82f7b05d1c1
- Size
  
  3.4MB
- MD5
  
  a8c1f96c58503a9c766c7ed239263260
- SHA1
  
  37069d83d46b51baceb396c1947891e3974e7594
- SHA256
  
  6c8a2cea4dbf018262fc7ccf569de510c0a58612806a2be73a68d82f7b05d1c1
- SHA512
  
  c52b7dd8b56f955f8d88380d718045a02cbd7832caff6941e611465ef54cc8dad680055d9d2abdf27e5d354ebd079547e53ceb8f56e74678b999e0185969cb35
- SSDEEP
  
  49152:i+vDJjWt5tw0YCFs7JojDRmrlOt9lSyA8a0c1bEP0EDrmLKW2l6a77Z:i+vDJjWt5tRYTUe0fJKJbpKWi1
Score

10^/10

raccoon f80018d0f7c5463eabb5c698eb201532 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoonf80018d0f7c5463eabb5c698eb201532stealer

behavioral2

raccoonf80018d0f7c5463eabb5c698eb201532stealer