raccoon

General

Target

894cdec44cc75039c532d9edc2b521af78e4107e913b979b6eac07c60c56df46
Size

1.2MB
Sample

241121-y36e7a1mhj
MD5

69746ce363641afaca8a90114c336494
SHA1

f51c655bb59da818d38f811327ddb853876c5359
SHA256

894cdec44cc75039c532d9edc2b521af78e4107e913b979b6eac07c60c56df46
SHA512

6d746539f1f3e975a91779cbff30325c0a8c9635b22ae5a5b0727ea554ebaccf38158c237808087a7a0721d3f0b1c7e12cfae7664c4338fd513ed59d3d152db5
SSDEEP

24576:iSsSqi9qF0/0AAmz+nSr+eFKPZ4PFDsEkVzvTRCQPzUXMvyv:iSsOwucAAmz+nssR4PFDsE0gX3v

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mc6b

Decoy

packyssportsbarandgrill.com

catherinemata.com

swooningheartsenterprises.com

miss-notary86.com

applianceson.website

investormonks.online

lootproject.art

adoletakids.com

searchlink7.com

msjoyjewelsunlimited.com

dannisdolls.online

premierpor.xyz

geceseks.com

camdaw.xyz

ditrixmed.store

yotosunny.com

asdeformar.com

lacofood.com

nu865ci.com

verdantgomkte.xyz

Extracted

Family

raccoon

Version

1.8.2

Botnet

a41ffcd20150e4814320ae5f467659001fd5a10f

Attributes

url4cnc
http://teletop.top/h_awp_1

http://teleta.top/h_awp_1

https://t.me/h_awp_1

rc4.plain

Targets

- Target
  
  Nov Vessel Updated Notice - HMM RAON V.002W.scr
- Size
  
  544KB
- MD5
  
  67592672996da2ed7b0588f450ff1f8d
- SHA1
  
  9b7cc0315535f5a10c9633a43fd70cd6a225df6a
- SHA256
  
  c20a66b1da1cbeff5c0bd7e0db5ab5005013eee56d5831f4a6fe45f6b4b3666d
- SHA512
  
  e9f1d230d6349ce73a6485b4189b37f7ec6f0cd854d5ff76e52c6740651ddd6835d5094f43fc95fb859111fb5653520abb97e01170fe48a8346aab28002758b5
- SSDEEP
  
  12288:x78H18RW/TlNQnP0MNqXgP0foxF1nif0yQH29e6HF+Uz7mske:nRcTcVs1hxdH17mske
Score

10^/10

xloader mc6b discovery loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader family
  xloader
- Xloader payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  REVISED ISF Simple Data Template - .TAIPEI PORT.scr
- Size
  
  939KB
- MD5
  
  8f2339ea03c28445e8953c962b627a9f
- SHA1
  
  78bb830baac34639d32490699ff1538417c253fa
- SHA256
  
  223190694e03de0b3c9c95bdf8aeede128541033d3cf7bd4abeda4c17bba3d96
- SHA512
  
  7956bf31099d792a8a307ae721c1bd1e72892c639371850e2e67f85efa024b9278442445979324f916ff4f583320bd58ca89fe917a1c7685c48d39b1ef5fbe1a
- SSDEEP
  
  24576:HKQT/RPn1mpm2GmwzjZkY8HexKBwi/hMNFDWpke:zj51mdGRjZ0jhMNFqke
Score

10^/10

raccoon a41ffcd20150e4814320ae5f467659001fd5a10f discovery stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- Raccoon family
  raccoon
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Xloader

Xloader family

Xloader payload

Deletes itself

Suspicious use of SetThreadContext

Raccoon Stealer V1 payload

Raccoon family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4