General

  • Target: 20540ccd8f4132e0fff9daec9f143997.bin
  • Size: 5.1MB
  • Sample: 240331-bgrctaah9y
  • MD5: 9231a94dea5dc4694a579424c3b8705a
  • SHA1: 6cca16535425e9e748583b6f7c6f3e83afb55671
  • SHA256: 7f35d8e9722646a0950c9fa1340858787263dbc4a11dc9410b39e53d7edf20f2
  • SHA512: b16ce4071208b80e93522c1bf6e79c78b91733d5ae2db6b5b0b89fea7d109b8131ac71fa82ebafb2d823e7a0664a361a455e2d3d674127dc2291613ab87bcfee
  • SSDEEP: 98304:td/XK5+7W0HLmB0UVcpTtq5JgbveveUyGa1CBVzyFUxluM0c:td/644aUoB8gbxX1yzyoJ

Malware Config

Extracted

  • Family: raccoon
  • Botnet: d1fc95c6179be4b0b4f93eff6ab3f08f
  • C2: http://89.238.170.230:80
  • Attributes
    • user_agent: MrBidenNeverKnow
  • Extraction: xor.plain

Targets

    • Target: 25f7e04b4c4fe0f1dc604270cbe8a53433580f9c5372f56abac420de4ced4322.exe
    • Size: 5.1MB
    • MD5: 20540ccd8f4132e0fff9daec9f143997
    • SHA1: 0fb2c50a19db4b8f2c6998e85b437780765fd61c
    • SHA256: 25f7e04b4c4fe0f1dc604270cbe8a53433580f9c5372f56abac420de4ced4322
    • SHA512: 4f299318f6e74e7e64e61d9e364327043289607f063c2972a3849c807de74ed30926ad1d19fd6906d57d4a04eb7df1ff635ec0ee9c2cb618820c3efc82ae0043
    • SSDEEP: 98304:Op01tlZUA6nDvod3HAslfqK1k20OWyCwSvNUddSLE9xmc+XXj0Mey6G8Qs:OpilgDvoBhFkvOWASirSLE9x+TZey6GQ

    Signatures

    • Raccoon: Raccoon is an infostealer written in C++ and first seen in 2019.
    • Raccoon Stealer V2 payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks