General

  • Target

    Raccoon.Stealer.v2.sha.zip

  • Size

    589KB

  • Sample

    240915-2fwt1swfjj

  • MD5

    0831d0df9d7696f6aed73600539cdb3f

  • SHA1

    a36cc1fde961edc0de12a70235517fcb9d8fe930

  • SHA256

    2b574142c27e20f6fd8a1285772104c9e13774631d3173f2eb825dae4a6ffe65

  • SHA512

    8618a315967c12116503a711030c6c3c1d6207b6ce121865944202556a1ea3ed7eca31fdf0b6f91193c38e352ad165b9a767514535c59a18cf056cf0472cd995

  • SSDEEP

    12288:3T0zBDiyKxxceujRPQFW0WuKDHI9yWAryOMIAxQ2UvO5v6xATr0xEQB:oRiyKL4jR4c0oYFOMrUvOZV0xP

Malware Config

Extracted

Family

raccoon

Botnet

403f7b121a3afd9e8d27f945140b8a92

C2

http://2.58.56.247

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

59c9737264c0b3209d9193b8ded6c127

C2

http://51.195.166.184/

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

e2586fb50f7434bfb05d10accaefc49b

C2

http://194.156.98.151

http://178.128.94.180

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

3ed895c4ff5dc5ec85caa2a9d1bed0f2

C2

http://51.195.166.184/

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

5f3e2ed386ddeccffbb4e34c56fc2efd

C2

http://192.248.184.34/

http://140.82.52.55/

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

e585741d6b0b8a4e8192f16d8039618c

C2

http://51.195.166.184/

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

493cd800ef7e79f58f8ff5358ddf39e3

C2

http://85.202.169.112/

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

b695af1820665d4dec830ca4a9dcca08

C2

http://91.194.11.43/

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

501a1e4179cf717ac47928b0babb659b

C2

http://51.195.166.184/

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

e659c40e6a0038a59a752ff4d0ceb719

C2

http://51.195.166.184/

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

251130064569c4e8c0c5b31929396cc7

C2

http://142.132.180.233/

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

fb389acc0c06486bd2eaf61e0a781e10

C2

http://51.195.166.184/

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

918c80e5f68acd2d6e7bb4b7d37a9190

C2

http://185.225.19.198/

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

3ae13dbd91e0fa85463715dc48979fb2

C2

http://51.195.166.184/

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

8dfaf19d5f208c09ef40073e938545f5

C2

http://51.195.166.184/

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

b9418e8977fce1050745c6371e5d9b89

C2

http://51.195.166.184/

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

0d78fe0763f83f0ac733762de262c556

C2

http://142.132.225.253/

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

77975b9923aa5e257840086ae38f4f7c

C2

http://31.13.195.44

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

e2ae951b7762cdae39d49918c5b3283d

C2

http://51.195.166.201/

Attributes
  • user_agent

    record

rc4.plain
rc4.plain

Targets

    • Target

      0123b26df3c79bac0a3fda79072e36c159cfd1824ae3fd4b7f9dea9bda9c7909

    • Size

      56KB

    • MD5

      214add3ebdd5b429fda7c00e7f01b864

    • SHA1

      7cead6f1e4c4b0824365268cdd5d168acf56265c

    • SHA256

      0123b26df3c79bac0a3fda79072e36c159cfd1824ae3fd4b7f9dea9bda9c7909

    • SHA512

      6a3541878c3134d7dedbf9dc182cebf12689aa4b4d3f2b4071981175db79114a66336e6f41e73ede21d8c80ec42fec7fd48b17698df0e28feeb81df4d53b6219

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDoANyCa:wwshK8yMexbW9vJVDoANs

    Score
    3/10
    • Target

      022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03

    • Size

      55KB

    • MD5

      0cfa58846e43dd67b6d9f29e97f6c53e

    • SHA1

      19d9fbfd9b23d4bd435746a524443f1a962d42fa

    • SHA256

      022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03

    • SHA512

      263bb15955a86788d3006f4d3fdeabe6fed1291b6c6e60471ffdb59626755a81d1ffbafc58fe13c0633cb67f3f1d9a3ec92046b6d85eba56e56cd1c252ea4ea0

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDzANyCa:wwshK8yMexbW9vJVDzANs

    Score
    3/10
    • Target

      048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059

    • Size

      55KB

    • MD5

      1d7d285f77ed5460fe9aada4c04dcfcf

    • SHA1

      9c6e393d8b2eac432720518f8991c86ad8fa94b7

    • SHA256

      048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059

    • SHA512

      cfcd38cd8c12a80ad7d26442979bb5ac44541866810951eaf8d2fc709d1e9cb3cbe187065ff547717d3babe8abf9f98c2b04562dca992b63ff54c5465746f5e4

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDkANyCa:wwshK8yMexbW9vJVDkANs

    Score
    3/10
    • Target

      0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256

    • Size

      55KB

    • MD5

      d28ba705f24c9e51564c46aefab26754

    • SHA1

      0c6bb0d8f2611775b495a019c63f95b1377f2054

    • SHA256

      0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256

    • SHA512

      441ea8ded89e2bc7630134e9da3a5cd25835133f2c869ff7f6540041225cf3486e380bc2e001a2359adcca0723fb8b80b349ff4b905dbb686c354783c4c68d4a

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDiANyCa:wwshK8yMexbW9vJVDiANs

    Score
    3/10
    • Target

      2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc

    • Size

      55KB

    • MD5

      6844edfec32e4323ecfedc458f7d3b86

    • SHA1

      465d756d89a18d40a2721e74d99b4df8dc9438a8

    • SHA256

      2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc

    • SHA512

      94b2fea769586a0216466f2474f1a1c61d81f10b2bba79c5e7c3f18c3126302a8cff680ef71421fa91d3a70ac3fb37fea44ceeb6800cb83e0515068647356b95

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDhVANyCa:wwshK8yMexbW9vJVD/ANs

    Score
    3/10
    • Target

      263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693

    • Size

      55KB

    • MD5

      92d3194f6c3511b40def1b3c8f86e585

    • SHA1

      e9aaee23127a796285e3e227e4d92e3cf572c529

    • SHA256

      263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693

    • SHA512

      b5b8963dcbb9a26c8b6bb013c4f554162fa911dc929649ad62a1631cc1dcbba2ac3be7168f94afd7515ec3561e32ddf3ab9122c13cdd19e37b13f2ade7e2f79f

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDLANyCa:wwshK8yMexbW9vJVDLANs

    Score
    3/10
    • Target

      27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577

    • Size

      55KB

    • MD5

      7a2ef36c5dbf72b92b1adfb52e1e5426

    • SHA1

      abe82a1405471258c72d031191846ea627f1c63c

    • SHA256

      27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577

    • SHA512

      e75cd32ffa838a7258d5804cc48c75174a03b573329ad531c497c2fbf4b42eb9eb5c68cd951a8100cb34a985490c18d572791226e068f8e3a832279d35130931

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDtANyCa:wwshK8yMexbW9vJVDtANs

    Score
    3/10
    • Target

      2911be45ad496dd1945f95c47b7f7738ad03849329fcec9c464dfaeb5081f67e

    • Size

      55KB

    • MD5

      c5ce68e5feabffe94ce4309e9e278a91

    • SHA1

      ab272e68f0e09391e3675cf8cda344774ae98769

    • SHA256

      2911be45ad496dd1945f95c47b7f7738ad03849329fcec9c464dfaeb5081f67e

    • SHA512

      d3bf2ba058f75b4ecd2f371771ed516791fdd28a0bf2b7b2f6b4754db5f37aaf8f321d7d7e2319adb3de5ce7b7d64a647f63b1f9990ef4227918f3786a9d0d6b

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDRANyCa:wwshK8yMexbW9vJVDRANs

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Target

      47f3c8bf3329c2ef862cf12567849555b17b930c8d7c0d571f4e112dae1453b1

    • Size

      55KB

    • MD5

      b35cde0ed02bf71f1a87721d09746f7b

    • SHA1

      0cf266265f77e387a9d396888651240f2b458e0a

    • SHA256

      47f3c8bf3329c2ef862cf12567849555b17b930c8d7c0d571f4e112dae1453b1

    • SHA512

      59aa3d9c0cbcdbb1d08c563ed322517cd5a52c4dbb039f840a911860c46402304ae889217d1832d5d61af6e080d54d9edfcd3334fc7a8bef2f8f921f232b2344

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDjoANyCa:wwshK8yMexbW9vJVD8ANs

    Score
    3/10
    • Target

      516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e

    • Size

      55KB

    • MD5

      7894ab366f0b984ce78d7ef9724cec0d

    • SHA1

      48ca383575fdc914ed3436d40201eae6bac55007

    • SHA256

      516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e

    • SHA512

      bf2ecf43f4ce7451489aa9d16acfe3c9d528ec0d0b924b864630a058e38147626e4f4815cd540f9da7df507af4242e6623d645a20ed46ec1d1020dfe7cec7155

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDXANyCa:wwshK8yMexbW9vJVDXANs

    Score
    3/10
    • Target

      5d66919291b68ab8563deedf8d5575fd91460d1adfbd12dba292262a764a5c99

    • Size

      55KB

    • MD5

      9ea0905f02da6e6ef2e46d5e434ec2e9

    • SHA1

      90acb6ca3f40b72a7ab601b2f781d43ddb5d2bb9

    • SHA256

      5d66919291b68ab8563deedf8d5575fd91460d1adfbd12dba292262a764a5c99

    • SHA512

      243bb29df27ee2d9f4a7974df83f2325ad0b6f1cdab3dd210eb253f0f804bc9a0b56fffacda60ddaac3eec07082d0ca421db6e41eca9cc8d90d91673a899d434

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDqANyCa:wwshK8yMexbW9vJVDqANs

    Score
    3/10
    • Target

      62049575053b432e93b176da7afcbe49387111b3a3d927b06c5b251ea82e5975

    • Size

      55KB

    • MD5

      7be1483472153324066babf71c683045

    • SHA1

      4436a1c572737a82494d4ddfe91929ce4cd836cd

    • SHA256

      62049575053b432e93b176da7afcbe49387111b3a3d927b06c5b251ea82e5975

    • SHA512

      5e0b75f6e3b493d44f29379df4a7b314a266afe7dc121d09eccd801f4a591210b8b0d5b19173c210c9bd89d5abccf82dafe44694cff3596b8f1e2a9398086fd1

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDYANyCa:wwshK8yMexbW9vZVDYANs

    Score
    3/10
    • Target

      7299026b22e61b0f9765eb63e42253f7e5d6ec4657008ea60aad220bbc7e2269

    • Size

      55KB

    • MD5

      6affeba1a78fcedc2d7dd78713a79a00

    • SHA1

      3cd9f5678212e7465af460eb05b9a5c1899842a9

    • SHA256

      7299026b22e61b0f9765eb63e42253f7e5d6ec4657008ea60aad220bbc7e2269

    • SHA512

      3dfeb53bd27853ad5783b73e2173b51fa886b9da5da8fed04b6a6a17acf616b4ea0ee019e44f96066770a74dd000da18f9d97366f66cb66a651d13393e357590

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDqANyCa:wwshK8yMexbW9vJVDqANs

    Score
    3/10
    • Target

      7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0

    • Size

      55KB

    • MD5

      1e682d91b86e5d1059496ef5c9404a83

    • SHA1

      b997c212dee402190a4fe7562fa68f565c084711

    • SHA256

      7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0

    • SHA512

      e00e985da0097f7f743c82ab46b09e5c4b9c6aa03c7f28310a23ecc1167b5c4a21cf4490c6081c201e962ba830acaa04ef11eb40f4e1451a2d0e199e84e2d130

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVD6ANyCa:wwshK8yMexbW9vJVD6ANs

    Score
    3/10
    • Target

      960ce3cc26c8313b0fe41197e2aff5533f5f3efb1ba2970190779bc9a07bea63

    • Size

      55KB

    • MD5

      80b0745106a9a4ed3c18264ba1887bff

    • SHA1

      b97787c5fb625d884b184b16266d58bcec1bdff1

    • SHA256

      960ce3cc26c8313b0fe41197e2aff5533f5f3efb1ba2970190779bc9a07bea63

    • SHA512

      cdb135b66807377db24e31d50b8de80eae3f7c75c8323583a784e8808186e117460be3b4e8f61ec058670eaa045dcfcf279576f83c5dc2a0bf329ef5914c4691

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDtgANyCa:wwshK8yMexbW9vJVDtgANs

    Score
    3/10
    • Target

      99f510990f240215e24ef4dd1d22d485bf8c79f8ef3e963c4787a8eb6bf0b9ac

    • Size

      55KB

    • MD5

      b71921298c866e9d17fe83becf9a2107

    • SHA1

      7f224b87eeaa85417c2d1e4a254d907c44439dee

    • SHA256

      99f510990f240215e24ef4dd1d22d485bf8c79f8ef3e963c4787a8eb6bf0b9ac

    • SHA512

      0ce2893c05d9562d9a9a828fe9e2a0d5ea2e6d8e0f78e9d25391ca4c83b54df2f773e8ed48a673268072b928246c8247a941a15f470b2e435cbb2a3d316261c7

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDQANyCa:wwshK8yMexbW9vJVDQANs

    Score
    3/10
    • Target

      9ee50e94a731872a74f47780317850ae2b9fae9d6c53a957ed7187173feb4f42

    • Size

      54KB

    • MD5

      88a354d8d051d4dd8c741cdf3e986244

    • SHA1

      b47cc17316ef37a18919eedd0ec16908febac7a1

    • SHA256

      9ee50e94a731872a74f47780317850ae2b9fae9d6c53a957ed7187173feb4f42

    • SHA512

      a9c88168c122c0e18d18d1166724f403c462fa93e0c62094f56160306fd64a564b7569051a17171144f0431a9e1929aed07de3a96c883f1fd7d91a4b6893eace

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDQANyCaD:wwshK8yMexbW9vJVDQANsD

    Score
    1/10
    • Target

      bd8c1068561d366831e5712c2d58aecb21e2dbc2ae7c76102da6b00ea15e259e

    • Size

      55KB

    • MD5

      16bae91061e6410ddf2c17b544939d87

    • SHA1

      531b6c546b26eeb9e33560292bb756b47affbeaa

    • SHA256

      bd8c1068561d366831e5712c2d58aecb21e2dbc2ae7c76102da6b00ea15e259e

    • SHA512

      8fa546a1ab78a43f1feebe009d7d578242c3f1a96778588a3086b69a1bd58449a563d99114cbbad94c840f1ca8469d26e9c6e83d240ee0d472bb56b6dad4422d

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDMANyCa:wwshK8yMexbW9vJVDMANs

    Score
    3/10
    • Target

      c6e669806594be6ab9b46434f196a61418484ba1eda3496789840bec0dff119a

    • Size

      55KB

    • MD5

      0b4146abe7ab84bfa66e1bb9b947fee3

    • SHA1

      f88cb9e308c4de39ddbb0d50b71a28f04bc8bd85

    • SHA256

      c6e669806594be6ab9b46434f196a61418484ba1eda3496789840bec0dff119a

    • SHA512

      9a31029310401dc7c09d06754a62b76ee8a9d47b1d4aa694506d70a093625f3cdcbe102e6ecf0f94ad41b8aae00765bd4347334c76f0dc078fbee07994d34803

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDTANyCa:wwshK8yMexbW9vJVDTANs

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Target

      e309a7a942d390801e8fedc129c6e3c34e44aae3d1aced1d723bc531730b08f5

    • Size

      55KB

    • MD5

      3e8a0b51131b8937ec9d36e96872a581

    • SHA1

      589676a88d04977b651722dd061b158771a6435d

    • SHA256

      e309a7a942d390801e8fedc129c6e3c34e44aae3d1aced1d723bc531730b08f5

    • SHA512

      c3ecdcf4d96ecc1cdcd24fdecd316daa80a23d1e8b3a114c3852ffcaed0eec78f8319d42e32e54d54c737e987d7b838722354dfae6cfc58b77150f731da25d65

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVDeANyCa:wwshK8yMexbW9vJVDeANs

    Score
    3/10
    • Target

      f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27

    • Size

      55KB

    • MD5

      eca370e62443218965eb27b1a61bb7a0

    • SHA1

      4e48d0c38e0a4543137cd381abb38e6bd17f17aa

    • SHA256

      f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27

    • SHA512

      6e0554a49c509a3c1c29f042746d18f924417692f3d4c2e8f55676bcc8bb7574ff3a8d4c131634601bd3da28c7c4ef4282c7002bb2a88a69c40e73aa23d58c81

    • SSDEEP

      1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVD5ANyCa:wwshK8yMexbW9vJVD5ANs

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
10/10

behavioral1

discovery
Score
3/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

raccoon discovery stealer
Score
10/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

Score
1/10

behavioral18

discovery
Score
3/10

behavioral19

raccoon discovery stealer
Score
10/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10