raccoon | dfebde9ad6b1591c0044fcfbf6336cb9a9088409179055e4d438cd95b4d7bda0 | Triage

Submit
Reports

Overview

overview

Static

static

7

dfebde9ad6...a0.exe

windows7-x64

dfebde9ad6...a0.exe

windows10-2004-x64

Sharing

General

Target

dfebde9ad6b1591c0044fcfbf6336cb9a9088409179055e4d438cd95b4d7bda0
Size

1.4MB
Sample

240326-x56nasdb4v
MD5

04367a86c2d056e9ae73ab1c36555b44
SHA1

2c86756bc416f82919f6797d42977331ee44c5e9
SHA256

dfebde9ad6b1591c0044fcfbf6336cb9a9088409179055e4d438cd95b4d7bda0
SHA512

f77b69fcc463a10573e3e2630a9707f8f856038b3763f192e607f71b9eb4555fa309b86e4bbd7ed0e15552b234c5513c964811be030ad80d17d86f12cbe27d49
SSDEEP

24576:sc8766GIxzD/8s0ZmzE3akj+qspLp2mmJWIB+mytyrmeIybBC:sc8gazDks0043spLp2mQsHmDNC

Score

10^/10

raccoon 3cc4b2df9390d71b3c4188a4822c2b23 stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

dfebde9ad6b1591c0044fcfbf6336cb9a9088409179055e4d438cd95b4d7bda0.exe

Resource

win7-20240221-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

dfebde9ad6b1591c0044fcfbf6336cb9a9088409179055e4d438cd95b4d7bda0.exe

Resource

win10v2004-20240226-en

raccoon 3cc4b2df9390d71b3c4188a4822c2b23 stealer upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

3cc4b2df9390d71b3c4188a4822c2b23

C2

http://94.103.90.193:80/

Attributes

user_agent
MrBidenNeverKnow

xor.plain

Targets

- Target
  
  dfebde9ad6b1591c0044fcfbf6336cb9a9088409179055e4d438cd95b4d7bda0
- Size
  
  1.4MB
- MD5
  
  04367a86c2d056e9ae73ab1c36555b44
- SHA1
  
  2c86756bc416f82919f6797d42977331ee44c5e9
- SHA256
  
  dfebde9ad6b1591c0044fcfbf6336cb9a9088409179055e4d438cd95b4d7bda0
- SHA512
  
  f77b69fcc463a10573e3e2630a9707f8f856038b3763f192e607f71b9eb4555fa309b86e4bbd7ed0e15552b234c5513c964811be030ad80d17d86f12cbe27d49
- SSDEEP
  
  24576:sc8766GIxzD/8s0ZmzE3akj+qspLp2mmJWIB+mytyrmeIybBC:sc8gazDks0043spLp2mQsHmDNC
Score

10^/10

upx raccoon 3cc4b2df9390d71b3c4188a4822c2b23 stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

raccoon3cc4b2df9390d71b3c4188a4822c2b23stealerupx

© 2018-2025

Terms | Privacy