Overview

overview

10

Static

static

7

e6c1f065e8...cs.exe

windows7-x64

10

e6c1f065e8...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e6c1f065e805853f81b9242c43ec3990_NeikiAnalytics

  • Size

    5.1MB

  • Sample

    240516-vytn2sfd4v

  • MD5

    e6c1f065e805853f81b9242c43ec3990

  • SHA1

    1441bc0f1691d99c33030a2ad9760cc7f72bf379

  • SHA256

    44379440d7864f6cc6ac99a5ce79e21d2b8c9cb58cf5e86e7f57e073f18d37d8

  • SHA512

    985cf8e87879540c1aedd2ea2e5edb67d8043ca947996cb5d2eb19483ed9679609e5b784832b092f9cb31dfec4076f2d4e8cfdd42a9dfb9e1830f34b863b07e4

  • SSDEEP

    98304:cwGgxhH7zDmW1Kcmq86Qd/wy6wbgSahwTEE+4C9PRgHhgG:cfC3mWu6gwBhwTbtM8hgG

Score
10/10
raccoon5705cf455d54ce026eb2bfe61ead11fcstealervmprotect

Malware Config

Extracted

Family

raccoon

Botnet

5705cf455d54ce026eb2bfe61ead11fc

C2

http://193.233.132.15:80

Attributes
  • user_agent

    MrBidenNeverKnow

xor.plain

Targets

    • Target

      e6c1f065e805853f81b9242c43ec3990_NeikiAnalytics

    • Size

      5.1MB

    • MD5

      e6c1f065e805853f81b9242c43ec3990

    • SHA1

      1441bc0f1691d99c33030a2ad9760cc7f72bf379

    • SHA256

      44379440d7864f6cc6ac99a5ce79e21d2b8c9cb58cf5e86e7f57e073f18d37d8

    • SHA512

      985cf8e87879540c1aedd2ea2e5edb67d8043ca947996cb5d2eb19483ed9679609e5b784832b092f9cb31dfec4076f2d4e8cfdd42a9dfb9e1830f34b863b07e4

    • SSDEEP

      98304:cwGgxhH7zDmW1Kcmq86Qd/wy6wbgSahwTEE+4C9PRgHhgG:cfC3mWu6gwBhwTbtM8hgG

    Score
    10/10
    raccoon5705cf455d54ce026eb2bfe61ead11fcstealervmprotect

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon Stealer V2 payload

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks