General

  • Target

    080988e510a463c10b4b9298070701d16a7e92589a064b690ed18b364e9c57a9

  • Size

    452KB

  • Sample

    240308-fe5jwafe37

  • MD5

    3e976b90e48e8991c01d99674dbd359d

  • SHA1

    5eafcb5e3fb49b22c11322ac652f4efe4badcc1f

  • SHA256

    080988e510a463c10b4b9298070701d16a7e92589a064b690ed18b364e9c57a9

  • SHA512

    0ab1816b8d09f640d5299cf3e4d0fd0c30275a8f19a9563255e8738f15b2f07c50115c9c9eab470fa532150c89fe8c8f1778c4d43aa04736ff0d1c157ba29217

  • SSDEEP

    6144:01fnu4ll8K8S17n0vfYqtvRV/ynbG6JMpKoQ/apBmnTeM:01fu438K51kfYqt7/ybG6E4wBqe

Malware Config

Extracted

Family

raccoon

Botnet

4ddee039c3c1cb01baf0736505e3e436

C2

http://94.131.106.24:80

Attributes

  • user_agent

    MrBidenNeverKnow

xor.plain

Extracted

Family

raccoon

Attributes

  • user_agent

    f

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V2 payload

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks