raccoon | 9c948194834768daeef3f6d8c86d456e643d2e026adc588ff7261640b4905fbe | Triage

Sharing

General

Target

9c948194834768daeef3f6d8c86d456e643d2e026adc588ff7261640b4905fbe
Size

66.0MB
Sample

230804-n33desbh3x
MD5

25e6268a78891921d2046a0fbfb7d0ba
SHA1

45c4edbbaa404bd6b00e6493a98e8e505ae6c33d
SHA256

9c948194834768daeef3f6d8c86d456e643d2e026adc588ff7261640b4905fbe
SHA512

d5e81098b9419b12ebd8b22c30604aa393ce4235c2b1575036dff5e229411fa866f8eb416f53e01d767f5ffd72ada5ae850138a5633f85cdbce8412d636a2171
SSDEEP

24576:s+tsx1pzI5sVbdqjTDo8VyRc/uOgv0mRUorn+FzQXXXXXXXXXXXXXXXXXXXXXXXX:s+mxvwsVIzecGOgcmRUIn+Fz

Score

10^/10

raccoon 98a7af8efda2bdaea273f15846e6a0f5 stealer

Malware Config

Extracted

Family

raccoon

Botnet

98a7af8efda2bdaea273f15846e6a0f5

C2

http://94.142.138.6:80/

xor.plain

Targets

- Target
  
  9c948194834768daeef3f6d8c86d456e643d2e026adc588ff7261640b4905fbe
- Size
  
  66.0MB
- MD5
  
  25e6268a78891921d2046a0fbfb7d0ba
- SHA1
  
  45c4edbbaa404bd6b00e6493a98e8e505ae6c33d
- SHA256
  
  9c948194834768daeef3f6d8c86d456e643d2e026adc588ff7261640b4905fbe
- SHA512
  
  d5e81098b9419b12ebd8b22c30604aa393ce4235c2b1575036dff5e229411fa866f8eb416f53e01d767f5ffd72ada5ae850138a5633f85cdbce8412d636a2171
- SSDEEP
  
  24576:s+tsx1pzI5sVbdqjTDo8VyRc/uOgv0mRUorn+FzQXXXXXXXXXXXXXXXXXXXXXXXX:s+mxvwsVIzecGOgcmRUIn+Fz
Score

10^/10

raccoon 98a7af8efda2bdaea273f15846e6a0f5 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

raccoon98a7af8efda2bdaea273f15846e6a0f5stealer