raccoon | 17808b7509e2a5d8ae805cc59eaae1305ae4d3069f173187b57aa29b3833f9e7 | Triage

Sharing

General

Target

17808b7509e2a5d8ae805cc59eaae1305ae4d3069f173187b57aa29b3833f9e7
Size

963KB
Sample

240708-fnckfstcjp
MD5

cefc3739d099bae51eb2a9d3887ac12c
SHA1

fba9f10f553d73382f73247c5c136e8338f1ebe5
SHA256

17808b7509e2a5d8ae805cc59eaae1305ae4d3069f173187b57aa29b3833f9e7
SHA512

57b0428d8771b3945e432f6f6e9e105038f5a6d9b8ea1a3b0971c97d42eef4cef74f37446887094aba33fa7878eb9de2ba7bb919cf5838fdc65ca5362720b71c
SSDEEP

24576:juDXTIGaPhEYzUzA0aTuDXTIGaPhEYzUzA0bPrs:KDjlabwz9RDjlabwz9c

Score

10^/10

raccoon fb96e3bf5bafc00f44249e341787dfd4 stealer

Malware Config

Extracted

Family

raccoon

Botnet

fb96e3bf5bafc00f44249e341787dfd4

C2

http://95.169.205.186:80/

Attributes

user_agent
MrBidenNeverKnow

xor.plain

Targets

- Target
  
  17808b7509e2a5d8ae805cc59eaae1305ae4d3069f173187b57aa29b3833f9e7
- Size
  
  963KB
- MD5
  
  cefc3739d099bae51eb2a9d3887ac12c
- SHA1
  
  fba9f10f553d73382f73247c5c136e8338f1ebe5
- SHA256
  
  17808b7509e2a5d8ae805cc59eaae1305ae4d3069f173187b57aa29b3833f9e7
- SHA512
  
  57b0428d8771b3945e432f6f6e9e105038f5a6d9b8ea1a3b0971c97d42eef4cef74f37446887094aba33fa7878eb9de2ba7bb919cf5838fdc65ca5362720b71c
- SSDEEP
  
  24576:juDXTIGaPhEYzUzA0aTuDXTIGaPhEYzUzA0bPrs:KDjlabwz9RDjlabwz9c
Score

10^/10

raccoon stealer fb96e3bf5bafc00f44249e341787dfd4
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

raccoonfb96e3bf5bafc00f44249e341787dfd4stealer