raccoon | d4224f288dd203d784301459d37aed4a0e908f53b7b60b83c4d7f2b65cc007d1 | Triage

Submit
Reports

Overview

overview

Static

static

1

0e10ea38b2...dc.exe

windows7-x64

0e10ea38b2...dc.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

0e10ea38b2c0569203a5f46efdec60dc.exe
Size

5.3MB
Sample

231007-a4msgaag97
MD5

0e10ea38b2c0569203a5f46efdec60dc
SHA1

2a85e47f44d07d52a55095c78b42127e290c5069
SHA256

d4224f288dd203d784301459d37aed4a0e908f53b7b60b83c4d7f2b65cc007d1
SHA512

29e909457cfeb8de60a9eecc3aed132bb59a5bfae8e81c76c414a54b5638500adf839e3bf0f26ee56d9bad2084c34a04886d0d35a64eb8761f0cc8449bdb8f35
SSDEEP

49152:Z4VIxoeQOSWFdin2IVvjm/yw3mAa3/jFPP+EhEyh3cow384AEDiJUdoKtYlQuWpo:Z2IxoebxdOKW

Score

10^/10

raccoon 5ff7bc68b712d0b2c95bc2d831e79eaf stealer

Static task

static1

Behavioral task

behavioral1

Sample

0e10ea38b2c0569203a5f46efdec60dc.exe

Resource

win7-20230831-en

raccoon 5ff7bc68b712d0b2c95bc2d831e79eaf stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

0e10ea38b2c0569203a5f46efdec60dc.exe

Resource

win10v2004-20230915-en

raccoon 5ff7bc68b712d0b2c95bc2d831e79eaf stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

5ff7bc68b712d0b2c95bc2d831e79eaf

C2

http://45.15.156.141:80

Attributes

user_agent
SunShineMoonLight

xor.plain

Targets

- Target
  
  0e10ea38b2c0569203a5f46efdec60dc.exe
- Size
  
  5.3MB
- MD5
  
  0e10ea38b2c0569203a5f46efdec60dc
- SHA1
  
  2a85e47f44d07d52a55095c78b42127e290c5069
- SHA256
  
  d4224f288dd203d784301459d37aed4a0e908f53b7b60b83c4d7f2b65cc007d1
- SHA512
  
  29e909457cfeb8de60a9eecc3aed132bb59a5bfae8e81c76c414a54b5638500adf839e3bf0f26ee56d9bad2084c34a04886d0d35a64eb8761f0cc8449bdb8f35
- SSDEEP
  
  49152:Z4VIxoeQOSWFdin2IVvjm/yw3mAa3/jFPP+EhEyh3cow384AEDiJUdoKtYlQuWpo:Z2IxoebxdOKW
Score

10^/10

raccoon 5ff7bc68b712d0b2c95bc2d831e79eaf stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon5ff7bc68b712d0b2c95bc2d831e79eafstealer

behavioral2

raccoon5ff7bc68b712d0b2c95bc2d831e79eafstealer

© 2018-2025

Terms | Privacy