General

  • Target

    Hauma_JC.exe

  • Size

    5.3MB

  • Sample

    231015-mvpa6aff25

  • MD5

    00a1abb6fcdf18f8399d3f666cdfe4a3

  • SHA1

    b85f0a1822b9d37f89d29c49ad3b26707150a815

  • SHA256

    bdd09c45e78c4c3b2b7e177eeda1d411271b83c3307dbab9c026d0f1ed076701

  • SHA512

    efe0ed1d511385617ff29a9ffa6d3906ea67784752d911ed647c5826981196e6ecf9e96c9a62461eb1b1575b138c6a2a4affc6c5ba9b6b5442f7610dcf10f677

  • SSDEEP

    98304:VcJge3W0tYKOt19tpgKleZolUedeUPRr3xSh0I2SGJFLSV:VeW0t7A9tpvwQUede0Rr3xekxnS

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    8c43462d3009db225c4c0889737572cd

  • C2

    http://94.142.138.49:80/

  • Attributes

    • user_agent

      GeekingToTheMoon

xor.plain

Targets

    • Target

      Hauma_JC.exe

    • Size

      5.3MB

    • MD5

      00a1abb6fcdf18f8399d3f666cdfe4a3

    • SHA1

      b85f0a1822b9d37f89d29c49ad3b26707150a815

    • SHA256

      bdd09c45e78c4c3b2b7e177eeda1d411271b83c3307dbab9c026d0f1ed076701

    • SHA512

      efe0ed1d511385617ff29a9ffa6d3906ea67784752d911ed647c5826981196e6ecf9e96c9a62461eb1b1575b138c6a2a4affc6c5ba9b6b5442f7610dcf10f677

    • SSDEEP

      98304:VcJge3W0tYKOt19tpgKleZolUedeUPRr3xSh0I2SGJFLSV:VeW0t7A9tpvwQUede0Rr3xekxnS

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer payload

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

MITRE ATT&CK Matrix

Tasks