raccoon | d5156840d8dd267c3eadccd0e353949551cc66ad5e31ce401bd45d1576edb23c | Triage

Sharing

General

Target

d5156840d8dd267c3eadccd0e353949551cc66ad5e31ce401bd45d1576edb23c
Size

1.2MB
Sample

230816-ffbyyshc8t
MD5

d3a3628aa3d1af0e6000b4bc66ad4fa5
SHA1

11102322f183c47338eb1b159eeb262c75ea9c8f
SHA256

d5156840d8dd267c3eadccd0e353949551cc66ad5e31ce401bd45d1576edb23c
SHA512

418b06659f269c8398823726d22034e18301c37f2ed37a892ea1e8e187886ebacbf172ed296991ad6ff0474b2e4525483b4d784af9dfda824e425436b3f4b04a
SSDEEP

24576:cCrgppbjuQO0Xp1PF/iYHoVxzhAQUcc/kU:cAmt19izdAmcMU

Score

10^/10

raccoon 49394a9091875a21cb12a6699bdcd512 stealer

Malware Config

Extracted

Family

raccoon

Botnet

49394a9091875a21cb12a6699bdcd512

C2

http://77.246.102.57:80/

xor.plain

Targets

- Target
  
  d5156840d8dd267c3eadccd0e353949551cc66ad5e31ce401bd45d1576edb23c
- Size
  
  1.2MB
- MD5
  
  d3a3628aa3d1af0e6000b4bc66ad4fa5
- SHA1
  
  11102322f183c47338eb1b159eeb262c75ea9c8f
- SHA256
  
  d5156840d8dd267c3eadccd0e353949551cc66ad5e31ce401bd45d1576edb23c
- SHA512
  
  418b06659f269c8398823726d22034e18301c37f2ed37a892ea1e8e187886ebacbf172ed296991ad6ff0474b2e4525483b4d784af9dfda824e425436b3f4b04a
- SSDEEP
  
  24576:cCrgppbjuQO0Xp1PF/iYHoVxzhAQUcc/kU:cAmt19izdAmcMU
Score

10^/10

raccoon 49394a9091875a21cb12a6699bdcd512 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

raccoon49394a9091875a21cb12a6699bdcd512stealer