raccoon | b16737cd06d3b2bd6058d73b83dc3b966bf03b1a0832aac2f11525a15b1b35ca | Triage

Submit
Reports

Overview

overview

Static

static

1

Setup.exe

windows10-2004-x64

Sharing

General

Target

Setup.exe
Size

3.4MB
Sample

230808-p5yzfsec2w
MD5

36c95cd438e93d1524c8f5760131dd78
SHA1

7b60b22ab77de4763de9d9116549e7c343428467
SHA256

b16737cd06d3b2bd6058d73b83dc3b966bf03b1a0832aac2f11525a15b1b35ca
SHA512

489a75bd5c10dc3a5fdd3a255528866bdefa3dd9a1144acb4de43ac25b87b880954944c80167171ce4a4ef1d770bcb46f74e71b162721fc87359ff34e532dbf0
SSDEEP

49152:0871cpClp+hBSUF2GX1Wjq7fR8gPDWHxHH9Q2BjYIqRGhANEf:0K1cpClbGX1cq7JNPDW82Bj/BANM

Score

10^/10

raccoon 540b3ba85d1bbedd96c04ca8134046bc stealer

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win10v2004-20230703-en

raccoon 540b3ba85d1bbedd96c04ca8134046bc stealer

windows10-2004-x64

14 signatures

600 seconds

Malware Config

Extracted

Family

raccoon

Botnet

540b3ba85d1bbedd96c04ca8134046bc

C2

http://91.103.252.31:80/

xor.plain

Targets

- Target
  
  Setup.exe
- Size
  
  3.4MB
- MD5
  
  36c95cd438e93d1524c8f5760131dd78
- SHA1
  
  7b60b22ab77de4763de9d9116549e7c343428467
- SHA256
  
  b16737cd06d3b2bd6058d73b83dc3b966bf03b1a0832aac2f11525a15b1b35ca
- SHA512
  
  489a75bd5c10dc3a5fdd3a255528866bdefa3dd9a1144acb4de43ac25b87b880954944c80167171ce4a4ef1d770bcb46f74e71b162721fc87359ff34e532dbf0
- SSDEEP
  
  49152:0871cpClp+hBSUF2GX1Wjq7fR8gPDWHxHH9Q2BjYIqRGhANEf:0K1cpClbGX1cq7JNPDW82Bj/BANM
Score

10^/10

raccoon 540b3ba85d1bbedd96c04ca8134046bc stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon540b3ba85d1bbedd96c04ca8134046bcstealer

© 2018-2024

Terms | Privacy