raccoon | e5be49571e5f2151a9a68c6e2e13c4eca767e2c1a6d7b8ee50865cf7dc15b2bd | Triage

Submit
Reports

Overview

overview

Static

static

7

dfebde9ad6...a0.exe

windows7-x64

dfebde9ad6...a0.exe

windows10-2004-x64

Sharing

General

Target

04367a86c2d056e9ae73ab1c36555b44.bin
Size

1.0MB
Sample

240105-bctx5seher
MD5

1b16d5949197396d6e64f8490fa86b4e
SHA1

f2159f94b406745e7596ba7ead012c795ae21aac
SHA256

e5be49571e5f2151a9a68c6e2e13c4eca767e2c1a6d7b8ee50865cf7dc15b2bd
SHA512

591a76ef3835cf4d9cdce1cba6206d40246cc6c21ee9d1269f69db3b84bc932b7eed4992b21e4764ab4c8256ac58aa5539bd18527f9d6d7bc483f72c2ff0697d
SSDEEP

24576:tThPevUxz3S4csic8NZ9p/4K4AUerXxdqoqb/8c:dMvU53gPNDF4Krzqb0c

Score

10^/10

raccoon 3cc4b2df9390d71b3c4188a4822c2b23 stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

dfebde9ad6b1591c0044fcfbf6336cb9a9088409179055e4d438cd95b4d7bda0.exe

Resource

win7-20231215-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

dfebde9ad6b1591c0044fcfbf6336cb9a9088409179055e4d438cd95b4d7bda0.exe

Resource

win10v2004-20231215-en

raccoon 3cc4b2df9390d71b3c4188a4822c2b23 stealer upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

3cc4b2df9390d71b3c4188a4822c2b23

C2

http://94.103.90.193:80/

Attributes

user_agent
MrBidenNeverKnow

xor.plain

Targets

- Target
  
  dfebde9ad6b1591c0044fcfbf6336cb9a9088409179055e4d438cd95b4d7bda0.exe
- Size
  
  1.4MB
- MD5
  
  04367a86c2d056e9ae73ab1c36555b44
- SHA1
  
  2c86756bc416f82919f6797d42977331ee44c5e9
- SHA256
  
  dfebde9ad6b1591c0044fcfbf6336cb9a9088409179055e4d438cd95b4d7bda0
- SHA512
  
  f77b69fcc463a10573e3e2630a9707f8f856038b3763f192e607f71b9eb4555fa309b86e4bbd7ed0e15552b234c5513c964811be030ad80d17d86f12cbe27d49
- SSDEEP
  
  24576:sc8766GIxzD/8s0ZmzE3akj+qspLp2mmJWIB+mytyrmeIybBC:sc8gazDks0043spLp2mQsHmDNC
Score

10^/10

upx raccoon 3cc4b2df9390d71b3c4188a4822c2b23 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

raccoon3cc4b2df9390d71b3c4188a4822c2b23stealerupx

© 2018-2024

Terms | Privacy