General

  • Target

    Pass_1234_Setup.rar

  • Size

    15.5MB

  • Sample

    230731-p6dpxaff35

  • MD5

    30e00d3be2b68cacac3589a3e44d56b4

  • SHA1

    f2c8aa5a548dc241be9dfd75c096f638c55c6c9e

  • SHA256

    fadd73e288bf414c45512fd27b0b02971d5f2f1a4323b508575b4ca87c3752ee

  • SHA512

    36b36c79f780df827e2e500ed3b77f6a2e37412d5a9ccad4f842c90f3546851921089fc00b6e34b83d1af0b71bf1b84b508f341bb4fe3a32af09aee04a5d6096

  • SSDEEP

    393216:aid4vfTXnreJj6HCaM17sQwDUfulZ8tKVJpO1fXjsWeeHMrMYUkJ3W:aidyr3qsC5sDUfulhJp2vwWZsrMd

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    94c54520400750937a6f1bf6044f8667

  • C2

    http://185.181.10.208/

  • xor.plain

Targets

    • Target

      Setup_x32_x64.exe

    • Size

      992.0MB

    • MD5

      aa87368fd85c71caebb069bbd711b5ba

    • SHA1

      2c2390bb8cff65b843a682cdb613909cc5fc3579

    • SHA256

      1f88c89c82edcde05886262f770bd3df3af0049924d7e290cdc3ab6586503e0a

    • SHA512

      4d99c8857d50729e1e99a0f477f5950deff6c11a820095ce765946100b0a0ee58a4fe483589459fba9c5683b79a8f8946879b2cf33eb79fa0a1b486bd64210ca

    • SSDEEP

      196608:gpKYW15rR/FityRl28WklfrrN+tBaa/bK0a99R:g0YsTUcP27SfctBV+089R

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer payload

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

MITRE ATT&CK Matrix

Tasks