raccoon | 0dcfcccd6ae895d9e5dbf703cdfc8becb6aa20d56e756bba84c84837cf5c55f1 | Triage

Sharing

General

Target

ir41_qc.zip
Size

592KB
Sample

240313-ls68hscc26
MD5

cc43361faedfcf3129bad175c9c2eb69
SHA1

51494c7bc7fa39ebfae56958206d4e06437864f4
SHA256

0dcfcccd6ae895d9e5dbf703cdfc8becb6aa20d56e756bba84c84837cf5c55f1
SHA512

2cbe0f3da88ae5676c0b3d59709f86f2b479cb50fe1f9403cadfc5f0508207728f45b3cbe60e5c095d98c6a71764c5c2957d85c46d552469b9607c39a7821390
SSDEEP

12288:yUpATBHVdo6P+UZI2qGDiLMNhXl13ClPMt3++3DSDF8QBqtOMM7xEYHam1cEB8p:ySATB1do6PZbqG5P3Cl0HTS7lMM1L6mu

Score

10^/10

raccoon a422219cb64fce84af4367b7d81c5df3 stealer

Malware Config

Extracted

Family

raccoon

Botnet

a422219cb64fce84af4367b7d81c5df3

C2

http://91.103.252.217:80/

Attributes

user_agent
Xmlst

xor.plain

Targets

- Target
  
  ir41_qc/cephalosporin.ppt
- Size
  
  395KB
- MD5
  
  020309e5adfd756102ebcd09bdaac478
- SHA1
  
  31bda79d7e1dee1936d41181544ac69521760039
- SHA256
  
  4eba6d3c38122a623e5adf8c07fa395be652b93fbbb0be29b74ad29f4ca4f018
- SHA512
  
  757e95ddd748b31ba24c0383ffe75c1c97807a0e62a7a28a018dad796213ca3255fade0a794d62b274595ec29bbfab92f1290e46e4f9496dc93850bb8572e1ce
- SSDEEP
  
  6144:or4jfA/GhI3pbktDc9eoj4cLs57fiQnJdGUIC1PkMt7zbKUoEleuZ3y1r/Vz37LB:gsSWcsOY57qQJg5ePznLXZ3y1pFb
Score

3^/10
behavioral1 behavioral2
- Target
  
  ir41_qc/tedutil.dll
- Size
  
  313KB
- MD5
  
  7bd665f3443218d65f58002373e1917e
- SHA1
  
  ff5d6ef9ff040135c427d8e75685eae0b5b7fe98
- SHA256
  
  f5ce36b5cbfae21ed23c3f035fc8f627b72a0d1c1f7246f99f3b31b85b2fb9e2
- SHA512
  
  23547d3fa6908e276e9be868f65ec5bddc1467a242c559e7f786d7c65bb9607c0b3c8930914b9660bc975dca612915623778cae42ed8dbabf05ea662feee448e
- SSDEEP
  
  6144:6syLJmJlSKUixqSOnBceR5Dp9aWF+OwmohoTd8oi4iKF7hZlrniwIUtwaB9E:6syLJA55vOBceR5Dp9aWF+OwmIoTd8oU
Score

1^/10
behavioral3 behavioral4
- Target
  
  ir41_qc/topoedit.exe
- Size
  
  229KB
- MD5
  
  88691dbfa349db78f96e3278d1afc943
- SHA1
  
  f5624018c9e9c6e9f42ebb08fcd46f1b598c47d3
- SHA256
  
  b874e5abdd7c008d47560fda4e84db893ac63c18c3a5a450d25f4e62ed8e8d8c
- SHA512
  
  70acedd1af236d187d400b3be56a91df6397b3f2f79b64296711efe9f503f4b4151b4617a4cafdf80fcf6767990fce906b8d9b885ba09561ff662d37ddcabbaa
- SSDEEP
  
  3072:4XM/O19qfAuKEWUu8hzls0khPA+xvGEVsZVZ+1DNYlw1BRE84Yowo3BJTo:Ps9qDP3svPA+xeEV8VZ8Dmlw13opA
Score

10^/10

raccoon a422219cb64fce84af4367b7d81c5df3 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

raccoona422219cb64fce84af4367b7d81c5df3stealer