raccoon | 023fb24e4591fcbbff6096a61e7cbfb79bc1bade9236dd0db6ede7ab1e00bf9f | Triage

Submit
Reports

Overview

overview

Static

static

3

ac.exe

windows7-x64

ac.exe

windows10-2004-x64

Resubmissions

27/02/2024, 01:36

240227-b1mtqsdg2v 10

10/10/2020, 04:17

201010-bxlhq7f792 7

Sharing

General

Target

ac.exe
Size

396KB
Sample

240227-b1mtqsdg2v
MD5

5cddc68460463a32782f94c595dea500
SHA1

786ad838dfbea097f192727d90bc899073ae3260
SHA256

023fb24e4591fcbbff6096a61e7cbfb79bc1bade9236dd0db6ede7ab1e00bf9f
SHA512

e8828d612037a5baf32fa6576cacea2b3c02c5618d7f750e86d4d73aec81a0d93989f754c8f2fa63bb2275f12ff4d740ef4c26db3882ada4f2ab1e5964700715
SSDEEP

12288:PFCMQSKRhznUR1GUKY0WXbt7M5K/FbTx:NCYKRhbBUaKbtY5K/f

Score

10^/10

raccoon zgrat ee3b370277b98939f8098234def6cb188c03591f rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ac.exe

Resource

win7-20240221-en

raccoon zgrat ee3b370277b98939f8098234def6cb188c03591f rat stealer

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

ac.exe

Resource

win10v2004-20240226-en

raccoon zgrat ee3b370277b98939f8098234def6cb188c03591f rat stealer

windows10-2004-x64

8 signatures

300 seconds

Malware Config

Extracted

Family

raccoon

Botnet

ee3b370277b98939f8098234def6cb188c03591f

Attributes

url4cnc
https://telete.in/brikitiki

rc4.plain

rc4.plain

Targets

- Target
  
  ac.exe
- Size
  
  396KB
- MD5
  
  5cddc68460463a32782f94c595dea500
- SHA1
  
  786ad838dfbea097f192727d90bc899073ae3260
- SHA256
  
  023fb24e4591fcbbff6096a61e7cbfb79bc1bade9236dd0db6ede7ab1e00bf9f
- SHA512
  
  e8828d612037a5baf32fa6576cacea2b3c02c5618d7f750e86d4d73aec81a0d93989f754c8f2fa63bb2275f12ff4d740ef4c26db3882ada4f2ab1e5964700715
- SSDEEP
  
  12288:PFCMQSKRhznUR1GUKY0WXbt7M5K/FbTx:NCYKRhbBUaKbtY5K/f
Score

10^/10

raccoon zgrat ee3b370277b98939f8098234def6cb188c03591f rat stealer
- Detect ZGRat V1
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoonzgratee3b370277b98939f8098234def6cb188c03591fratstealer

behavioral2

raccoonzgratee3b370277b98939f8098234def6cb188c03591fratstealer

© 2018-2025

Terms | Privacy