General

  • Target

    974bc77cb81fc01f84907370cc3ef55c9e243c6e0e1df7b3af8238dc1bd68fd5

  • Size

    1.9MB

  • Sample

    240808-f6qvsszeqq

  • MD5

    02b2f62e789410f8c256b0d63ac45a1a

  • SHA1

    0405562a34ea101cd0e890e1643afbfd4cc48e56

  • SHA256

    974bc77cb81fc01f84907370cc3ef55c9e243c6e0e1df7b3af8238dc1bd68fd5

  • SHA512

    d7baa87d0ab38c0028e523ccb1e62662f20db6ceb256602e827c2f8037e40beae95a08e002ddb67d1b5ac53eee6da173d2b24dc438687319e9858a80d0a14ab5

  • SSDEEP

    49152:FNhQ1RFI9HDhf6I8BmYiMvdLBG9n+bn+etQ6fQ:F7QD6lfdIvdLBG9+Ttk

Malware Config

Extracted

Family

raccoon

Botnet

cdfc9a1f925b0d382ad5704a3cb352fb

C2

http://192.121.23.67:80/

Attributes
  • user_agent

    MrBidenNeverKnow

xor.plain
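The extracted config above (C2 URL, hard-coded User-Agent, file hashes) is the part of this report a defender turns into detection. The following is an added example, not part of the sandbox report or the Raccoon sample itself: it pulls those indicators into a small matcher and runs it over a handful of constructed proxy log lines. The log format (`<timestamp> <client_ip> <method> <url> <status> "<user-agent>"`) and the sample lines are assumptions made for the example; only the IP, port, User-Agent and hashes come from the report.

```python
import hashlib
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Indicators copied from the report above.
RACCOON_C2 = "http://192.121.23.67:80/"
RACCOON_USER_AGENT = "MrBidenNeverKnow"
RACCOON_HASHES = {
    "md5": "02b2f62e789410f8c256b0d63ac45a1a",
    "sha1": "0405562a34ea101cd0e890e1643afbfd4cc48e56",
    "sha256": "974bc77cb81fc01f84907370cc3ef55c9e243c6e0e1df7b3af8238dc1bd68fd5",
}

# Assumed proxy log layout (constructed for this example, not a real product's format):
#   <timestamp> <client_ip> <method> <url> <status> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


@dataclass
class Hit:
    line_no: int
    reason: str  # which indicator(s) fired, joined with "+"
    line: str


def c2_host_port(c2_url):
    """Split a C2 URL into (host, port), defaulting the port from the scheme."""
    u = urlparse(c2_url)
    return u.hostname, u.port or (443 if u.scheme == "https" else 80)


def match_log(lines, c2_url=RACCOON_C2, ua=RACCOON_USER_AGENT):
    """Flag lines whose destination is the C2 host:port and/or whose UA is Raccoon's.

    The two indicators are scored separately: a request to the C2 address with a
    benign-looking UA is still worth a look (Raccoon V2 is known to rotate UAs
    across builds), and the hard-coded UA alone is a strong signal even if the
    operator has moved the panel to a new IP.
    """
    host, port = c2_host_port(c2_url)
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than abort the whole scan
        u = urlparse(m["url"])
        dst_port = u.port or (443 if u.scheme == "https" else 80)
        reasons = []
        if u.hostname == host and dst_port == port:
            reasons.append("c2_destination")
        if m["ua"] == ua:
            reasons.append("c2_user_agent")
        if reasons:
            hits.append(Hit(n, "+".join(reasons), line))
    return hits


def hashes_match(data, expected=RACCOON_HASHES):
    """Return the set of algorithms whose digest of `data` equals the report's value."""
    return {alg for alg, h in expected.items()
            if hashlib.new(alg, data).hexdigest() == h}


# Constructed sample log: lines 2-4 should fire, line 1 is benign, line 5 is garbage.
SAMPLE_LOG = [
    '2024-08-08T10:01:02Z 10.0.0.5 GET http://example.com/ 200 "Mozilla/5.0"',
    '2024-08-08T10:01:05Z 10.0.0.5 POST http://192.121.23.67:80/ 200 "MrBidenNeverKnow"',
    '2024-08-08T10:01:07Z 10.0.0.9 POST http://192.121.23.67/ 200 "Mozilla/5.0"',
    '2024-08-08T10:01:09Z 10.0.0.9 GET http://other.example/ 404 "MrBidenNeverKnow"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for hit in match_log(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.reason}: {hit.line}")
    print("hash match on placeholder bytes:", hashes_match(b"not the sample"))
```

Note that line 3 still fires on destination alone because an unqualified `http://` URL defaults to port 80, which is how the C2 is listed in the config; matching on host and port rather than on the literal URL string avoids missing that case. `hashes_match` is included for triaging a file pulled from an endpoint against the report, and returns an empty set for anything other than the exact 1.9MB sample.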

Targets

    • Target

      974bc77cb81fc01f84907370cc3ef55c9e243c6e0e1df7b3af8238dc1bd68fd5

    • Size

      1.9MB

    • MD5

      02b2f62e789410f8c256b0d63ac45a1a

    • SHA1

      0405562a34ea101cd0e890e1643afbfd4cc48e56

    • SHA256

      974bc77cb81fc01f84907370cc3ef55c9e243c6e0e1df7b3af8238dc1bd68fd5

    • SHA512

      d7baa87d0ab38c0028e523ccb1e62662f20db6ceb256602e827c2f8037e40beae95a08e002ddb67d1b5ac53eee6da173d2b24dc438687319e9858a80d0a14ab5

    • SSDEEP

      49152:FNhQ1RFI9HDhf6I8BmYiMvdLBG9n+bn+etQ6fQ:F7QD6lfdIvdLBG9+Ttk

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V2 payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks