General

  • Target

    2048cb0d7439e09892c08c6975704a75

  • Size

    484KB

  • Sample

    231230-3m7erseeen

  • MD5

    2048cb0d7439e09892c08c6975704a75

  • SHA1

    d9d66a257e6c37b7a85719be64600b70375de1f2

  • SHA256

    f0f9df0459d33fbba7247c6fae79c464fb6eae8c258c47d9aa258e4ad32aa719

  • SHA512

    89499a9ed87132f57b0d97e54f4f2877e2206c5a116efdfb904fcff0afc34180ae7a9a452433ffeaecb38d0a7adfc06215bb7c9ef0d8891793ce91ae954edc9d

  • SSDEEP

    12288:v2ojOJ4n5Obt7eIeBqljvEbgX7RryxdmLoZG+tqF:vvVOb5eyNvbxadoaqF

Malware Config

Extracted

Family

raccoon

Version

1.7.3

Botnet

263049c95b59877087d6632883c6317f7ab9f0ea

Attributes
  • url4cnc (Telegram channel URL the stealer fetches to resolve its C2 address)

    https://tttttt.me/ja0jankofranko2

rc4.plain
rc4.plain

Targets

    • Target

      2048cb0d7439e09892c08c6975704a75

    • Size

      484KB

    • MD5

      2048cb0d7439e09892c08c6975704a75

    • SHA1

      d9d66a257e6c37b7a85719be64600b70375de1f2

    • SHA256

      f0f9df0459d33fbba7247c6fae79c464fb6eae8c258c47d9aa258e4ad32aa719

    • SHA512

      89499a9ed87132f57b0d97e54f4f2877e2206c5a116efdfb904fcff0afc34180ae7a9a452433ffeaecb38d0a7adfc06215bb7c9ef0d8891793ce91ae954edc9d

    • SSDEEP

      12288:v2ojOJ4n5Obt7eIeBqljvEbgX7RryxdmLoZG+tqF:vvVOb5eyNvbxadoaqF

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V1 payload

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.NET commercial obfuscator, which is capable of entity renaming and control-flow obfuscation. Agile.NET protects .NET assemblies, so this hit applies to a managed outer layer of the sample rather than to the native (C++) Raccoon payload it unpacks.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register set (including the instruction pointer) of a thread, typically one belonging to a child process created in a suspended state. Together with memory written into that child and a subsequent ResumeThread, it is the classic process-hollowing injection sequence used to run a payload inside a legitimate-looking process.
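The detection logic behind a "Suspicious use of SetThreadContext" hit, as an added example that is not part of the report and not the sandbox's own signature code: it walks a constructed API-call trace (invented here, not taken from this sample's run) and reports a finding only when the same parent creates a child suspended, writes into it, swaps its main thread's context, and then resumes it. A suspended launch that is resumed without a memory write (a debugger-like pattern) is deliberately not flagged.

```python
"""Process-hollowing pattern detection over a constructed API trace.

Added example; the trace, field names and API list are assumptions modelled
on a generic sandbox API log, not output from the analysed sample.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit used by CreateProcess


@dataclass
class Call:
    pid: int            # process issuing the API call (the would-be injector)
    api: str
    args: Dict[str, int]


# Constructed trace: one hollowing sequence (pid 1000 -> child 2000) and one
# benign suspended launch that is resumed untouched (pid 3000 -> child 4000).
TRACE: List[Call] = [
    Call(1000, "CreateProcessW", {"flags": CREATE_SUSPENDED, "child_pid": 2000, "child_tid": 2001}),
    Call(1000, "NtUnmapViewOfSection", {"target_pid": 2000}),
    Call(1000, "VirtualAllocEx", {"target_pid": 2000, "size": 0x79000}),
    Call(1000, "WriteProcessMemory", {"target_pid": 2000, "size": 0x79000}),
    Call(1000, "GetThreadContext", {"target_tid": 2001}),
    Call(1000, "SetThreadContext", {"target_tid": 2001}),
    Call(1000, "ResumeThread", {"target_tid": 2001}),
    Call(3000, "CreateProcessW", {"flags": CREATE_SUSPENDED, "child_pid": 4000, "child_tid": 4001}),
    Call(3000, "ResumeThread", {"target_tid": 4001}),
]


def find_hollowing(trace: List[Call]) -> List[Dict[str, int]]:
    """Return one finding per (parent, child) pair that completes the
    suspended-create -> write -> SetThreadContext -> ResumeThread chain."""
    # (parent_pid, child_pid) -> per-child state accumulated so far
    children: Dict[Tuple[int, int], Dict[str, int]] = {}
    # (parent_pid, child_main_tid) -> (parent_pid, child_pid), so thread-based
    # calls can be attributed to the child they belong to
    tid_to_child: Dict[Tuple[int, int], Tuple[int, int]] = {}
    findings: List[Dict[str, int]] = []

    for c in trace:
        if c.api == "CreateProcessW" and c.args.get("flags", 0) & CREATE_SUSPENDED:
            key = (c.pid, c.args["child_pid"])
            children[key] = {"written": 0, "unmapped": 0, "ctx_set": 0}
            tid_to_child[(c.pid, c.args["child_tid"])] = key
        elif c.api == "NtUnmapViewOfSection":
            key = (c.pid, c.args["target_pid"])
            if key in children:
                children[key]["unmapped"] = 1
        elif c.api == "WriteProcessMemory":
            key = (c.pid, c.args["target_pid"])
            if key in children:
                children[key]["written"] += c.args.get("size", 0)
        elif c.api in ("SetThreadContext", "ResumeThread"):
            key = tid_to_child.get((c.pid, c.args["target_tid"]))
            if key is None:
                continue  # thread does not belong to a suspended child we track
            state = children[key]
            if c.api == "SetThreadContext":
                state["ctx_set"] = 1
            elif state["ctx_set"] and state["written"] > 0:
                # Resume after a context swap on a child we wrote into: flag it.
                findings.append({
                    "parent_pid": key[0],
                    "child_pid": key[1],
                    "bytes_written": state["written"],
                    "unmapped_original": state["unmapped"],
                })
    return findings


if __name__ == "__main__":
    for f in find_hollowing(TRACE):
        print(f)
```

The ordering requirement (write before SetThreadContext, SetThreadContext before ResumeThread) is what keeps the false-positive rate tolerable; a rule that fires on SetThreadContext alone also catches debuggers and some anti-cheat and instrumentation tools.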

MITRE ATT&CK Enterprise v15

Tasks