raccoon

Sharing

General

Target

2f2d4587b0faf105a6d992856d7a92c03f599b68b84bd41b8c2cb32419b90a47
Size

907KB
Sample

241022-wm7xzazdrn
MD5

36f9f1d6c34e3277fd8e4de52ffa1f5f
SHA1

579c4e71f6f22f224195da1fd7bed927bcb0f990
SHA256

2f2d4587b0faf105a6d992856d7a92c03f599b68b84bd41b8c2cb32419b90a47
SHA512

45b90fc788c797f5526e5db190ec32a77a2c1ed5c135914c0a7d829dfafb553bef84d3084a1c27f4c65c388f438681ae17bb3e9cb006e6108698f93737dc409f
SSDEEP

24576:pAT8QE+kTVNpJc7Y/sDZ0239WoShkhiEktQeZZfsklroT:pAI+aNpJc7Y60EWoShrEm3rdds

Score

10^/10

raccoon redline vidar 5 5076357887 76426c3f362f5a47a469f0e9d8bc3eef @tag12312341 afb5c633c4650f69312baef49db9dfa4 nam3 ruxarr_gg discovery infostealer stealer

Malware Config

Extracted

Family

vidar

http://146.19.247.187:80

http://45.159.248.53:80

https://t.me/babygun222

http://168.119.59.211:80

http://62.204.41.126:80

Extracted

Family

redline

Botnet

nam3

103.89.90.61:34589

Attributes

auth_value
64b900120bbceaa6a9c60e9079492895

Extracted

Family

redline

Botnet

RuXaRR_GG

insttaller.com:40915

Attributes

auth_value
4a733ff307847db3ee220c11d113a305

Extracted

Family

redline

Botnet

5076357887

195.54.170.157:16525

Attributes

auth_value
0dfaff60271d374d0c206d19883e06f3

Extracted

Family

redline

Botnet

176.113.115.146:9582

Attributes

auth_value
d38b30c1ccd6c1e5088d9e5bd9e51b0f

Extracted

Family

redline

Botnet

@tag12312341

62.204.41.144:14096

Attributes

auth_value
71466795417275fac01979e57016e277

Extracted

Family

raccoon

Botnet

76426c3f362f5a47a469f0e9d8bc3eef

http://45.95.11.158/

Attributes

user_agent
mozzzzzzzzzzz

xor.plain

Extracted

Family

raccoon

Botnet

afb5c633c4650f69312baef49db9dfa4

http://193.56.146.177

Attributes

user_agent
mozzzzzzzzzzz

xor.plain

Targets

- Target
  
  2f2d4587b0faf105a6d992856d7a92c03f599b68b84bd41b8c2cb32419b90a47
- Size
  
  907KB
- MD5
  
  36f9f1d6c34e3277fd8e4de52ffa1f5f
- SHA1
  
  579c4e71f6f22f224195da1fd7bed927bcb0f990
- SHA256
  
  2f2d4587b0faf105a6d992856d7a92c03f599b68b84bd41b8c2cb32419b90a47
- SHA512
  
  45b90fc788c797f5526e5db190ec32a77a2c1ed5c135914c0a7d829dfafb553bef84d3084a1c27f4c65c388f438681ae17bb3e9cb006e6108698f93737dc409f
- SSDEEP
  
  24576:pAT8QE+kTVNpJc7Y/sDZ0239WoShkhiEktQeZZfsklroT:pAI+aNpJc7Y60EWoShrEm3rdds
Score

10^/10

raccoon redline vidar 5 5076357887 76426c3f362f5a47a469f0e9d8bc3eef @tag12312341 afb5c633c4650f69312baef49db9dfa4 nam3 ruxarr_gg discovery infostealer stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

RedLine

RedLine payload

Vidar

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2