raccoon | ef5975ad737402d0bf4728f9b39779069b67036679820ef4e4f5b0108465905c | Triage

Submit
Reports

Overview

overview

Static

static

3

c98d20df81...d6.exe

windows7-x64

c98d20df81...d6.exe

windows10-2004-x64

Sharing

General

Target

a11d579c5bd5589c82fcf263519b038a.bin
Size

1.2MB
Sample

240915-bz59payfkj
MD5

c4b8f9e02e463a6cace9c3e2144cdf44
SHA1

193354d038e306ea24e69676ae585c0c9460f828
SHA256

ef5975ad737402d0bf4728f9b39779069b67036679820ef4e4f5b0108465905c
SHA512

d6f75d372ca40c7978b9b396ba3d028691b8d4feeeb8c39254e1af6bb6c2675c97d32a4519816bd61c02c01b142f667b254823d14493935b97cb5ad624dd0d54
SSDEEP

24576:5R7tU3Mz4zCEXNCtVawJn0/UJV0UTXe60o4urUEVsnnokVC/ut+suF:5Ry3Mz4zCEXQbJn0/UMXHEVuVgv

Score

10^/10

raccoon 4e847b07368a85ebd0a57e614b4bffb9 discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c98d20df81567c0b314ba81bb8deb937eb385eccc352fa61258c58800d53a3d6.exe

Resource

win7-20240903-en

raccoon 4e847b07368a85ebd0a57e614b4bffb9 discovery stealer

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

c98d20df81567c0b314ba81bb8deb937eb385eccc352fa61258c58800d53a3d6.exe

Resource

win10v2004-20240802-en

raccoon 4e847b07368a85ebd0a57e614b4bffb9 discovery stealer

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

4e847b07368a85ebd0a57e614b4bffb9

C2

https://192.153.57.177:80

Attributes

user_agent
MrBidenNeverKnow

xor.plain

Targets

- Target
  
  c98d20df81567c0b314ba81bb8deb937eb385eccc352fa61258c58800d53a3d6.exe
- Size
  
  1.6MB
- MD5
  
  a11d579c5bd5589c82fcf263519b038a
- SHA1
  
  8b728cd41c9e43122228ee58f890ecad1db20b82
- SHA256
  
  c98d20df81567c0b314ba81bb8deb937eb385eccc352fa61258c58800d53a3d6
- SHA512
  
  36bb6b900a43df3f4b003fa50e7d1e228eb3e9e4fdfdfb11dc6710cc618b8999a4703e9cf702ee4acdc67ea93aa1e5654d9a3eb2923514ac92c928e3829798ee
- SSDEEP
  
  24576:XBS5YMxUU0jQApp/rGCOVCFZ/Jb4m8W2uX75U/yj0yfFLXh1mnOWqZ:XBS5YMxwL/pUa5/n2urK/YV9R1iOW
Score

10^/10

raccoon 4e847b07368a85ebd0a57e614b4bffb9 discovery stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon4e847b07368a85ebd0a57e614b4bffb9discoverystealer

behavioral2

raccoon4e847b07368a85ebd0a57e614b4bffb9discoverystealer

© 2018-2024

Terms | Privacy