General

  • Target

    ad7a4b5c6bc9383e5a244fda169fdb00

  • Size

    1.5MB

  • Sample

    240229-c4t8nabf56

  • MD5

    ad7a4b5c6bc9383e5a244fda169fdb00

  • SHA1

    14b24a4a1b0ef73c9550a5788dc3c687d633ce34

  • SHA256

    65af64061884c6ff247e9bab07a94f778cebec4c55da07ee3abb916dee0ddd71

  • SHA512

    c91dd8876fe495430681313a53992dd84a5a7cc58a3b68d530bf96176f01ac40b7a7487c11b3091fdcada085aebf353295f75716eff08dd69925fe46ac79cc4c

  • SSDEEP

    24576:sSLXsG83o1wTJIC0IhecVBgHigJujOTNNVJ7M/4/659fs13evY5MS9IEckPY:bcb46TJE1cjgHiyMOT3VJo/l9fs0vYN2

Malware Config

Extracted

Family

raccoon

Botnet

eb0bbcaea74055acda89ce8f7067c40ba5121bbc

Attributes
  • url4cnc

    https://t.me/mohibrainos

  • rc4.plain

  • rc4.plain
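How a config extractor turns the two attributes above into a C2 address, as an added example that is not taken from this report or from the Raccoon code base: Raccoon V1 samples embed their RC4 keys in plaintext (the rc4.plain attributes, whose values are not shown here), and the bot resolved its real C2 by fetching the Telegram channel behind url4cnc and decrypting a base64-encoded, RC4-encrypted blob from that page. The key, the C2 address, the page markup and the unlisted_ delimiter in the code are constructed assumptions for the demo; nothing is fetched from t.me, the "channel page" is built inline.

```python
import base64
import re
from typing import Optional

# Delimiter assumed for the demo; the real sample's marker is not on the page.
MARKER = "unlisted_"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: one call both encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # pseudo-random generation, XORed with the data
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def build_channel_page(c2: str, key: bytes) -> str:
    """Constructed stand-in for the Telegram channel HTML (test fixture, not a real page)."""
    blob = base64.b64encode(rc4(key, c2.encode())).decode()
    return (
        "<html><head>"
        f'<meta property="og:description" content="{MARKER}{blob}{MARKER}">'
        "</head><body></body></html>"
    )


def recover_c2(html: str, key: bytes) -> Optional[str]:
    """Locate the delimited blob, base64-decode it and RC4-decrypt it with the plain key.

    Returns None when no blob is present or the result is not a URL, which is what a
    wrong key (or a channel that has been rotated) looks like in practice.
    """
    m = re.search(re.escape(MARKER) + r"([A-Za-z0-9+/=]+)" + re.escape(MARKER), html)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except ValueError:
        return None
    text = rc4(key, raw).decode("utf-8", errors="replace")
    return text if text.startswith(("http://", "https://")) else None


# Constructed values: the report does not expose the sample's keys or C2.
DEMO_KEY = b"example-rc4-key"
DEMO_C2 = "http://203.0.113.10/gate/"  # TEST-NET-3 address, never routable

if __name__ == "__main__":
    page = build_channel_page(DEMO_C2, DEMO_KEY)
    print("recovered:", recover_c2(page, DEMO_KEY))
    print("wrong key:", recover_c2(page, b"not-the-key"))
```

Against a real sample the key would come from the binary (the extractor's rc4.plain value) and the HTML from a proxied fetch of the url4cnc channel; the rest of the pipeline is unchanged. The URL prefix check is the cheap sanity test that separates a decrypted C2 from RC4 noise produced by a stale key.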

Targets

    • Target

      ad7a4b5c6bc9383e5a244fda169fdb00

    • Size

      1.5MB

    • MD5

      ad7a4b5c6bc9383e5a244fda169fdb00

    • SHA1

      14b24a4a1b0ef73c9550a5788dc3c687d633ce34

    • SHA256

      65af64061884c6ff247e9bab07a94f778cebec4c55da07ee3abb916dee0ddd71

    • SHA512

      c91dd8876fe495430681313a53992dd84a5a7cc58a3b68d530bf96176f01ac40b7a7487c11b3091fdcada085aebf353295f75716eff08dd69925fe46ac79cc4c

    • SSDEEP

      24576:sSLXsG83o1wTJIC0IhecVBgHigJujOTNNVJ7M/4/659fs13evY5MS9IEckPY:bcb46TJE1cjgHiyMOT3VJo/l9fs0vYN2

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V1 payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks