raccoon | 78ef2d251ac467c2afdf79028a7837b8f474c77aa239df3a447aeec15e03ed44 | Triage

Sharing

General

Target

11326787129.zip
Size

22.5MB
Sample

230727-kk236ach47
MD5

13bb8cb1e8e72da37f81a145162b72e8
SHA1

496ffff5ec975d56f760182cd3be5a6847a7adb6
SHA256

78ef2d251ac467c2afdf79028a7837b8f474c77aa239df3a447aeec15e03ed44
SHA512

c477634fbffaf05e18f29a20b01284c5ce5ee0da994ff037237f161aa0736eb2fd9458f6d036e531216c83f23266c161047d7992d4dfc7c23c454620adc5017b
SSDEEP

393216:LVSHwNZZ+BKt0qr542wpjF9AypB3ni/JE39Bscp2N3/PgtqEerUbZP5vr:YHwbRt754Pgyr3i/QnpoAtxekj

Score

10^/10

raccoon 98a7af8efda2bdaea273f15846e6a0f5 stealer

Malware Config

Extracted

Family

raccoon

Botnet

98a7af8efda2bdaea273f15846e6a0f5

C2

http://94.142.138.6:80/

xor.plain

Targets

- Target
  
  a97316f79390a1e1c5e26bed12d55121324b0333105f71b1cdf8f35c8f1995c8
- Size
  
  54.0MB
- MD5
  
  bc42b880b739a593ce7f928baf8c88a7
- SHA1
  
  024a49c3f78bda53addea05fb5ecba603a94fc5f
- SHA256
  
  a97316f79390a1e1c5e26bed12d55121324b0333105f71b1cdf8f35c8f1995c8
- SHA512
  
  09a61d73eb2f0e98c0dd45400978aba55928c8d44bdad1ea0d849562c4a3654696042e8aedd5f3f34b51233451ac83a60c4aefc805e6629a75b84eac615d926a
- SSDEEP
  
  49152:c5KlHlofM5oOLGQRJl4CFFs89MwuPbpuPbpuPbpuPbpuPbpuPbpuPbpuPbpuPbpQ:ckH2k5oO7h379l
Score

10^/10

raccoon 98a7af8efda2bdaea273f15846e6a0f5 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

raccoon98a7af8efda2bdaea273f15846e6a0f5stealer