raccoon | c58ed3e5913dfe4b9cb3a2f16279760988192d0215b76bb58a8b07806b86966b | Triage

Sharing

General

Target

JaffaCakes118_c58ed3e5913dfe4b9cb3a2f16279760988192d0215b76bb58a8b07806b86966b
Size

8.0MB
Sample

241221-w3crrswlgk
MD5

afbd884616d43695b45f4b69b68045b6
SHA1

df485e65d8e5e2ee43b2140431c9a2351e5c36d7
SHA256

c58ed3e5913dfe4b9cb3a2f16279760988192d0215b76bb58a8b07806b86966b
SHA512

37573a89ee056a9be528d77debdcf3e00a7bf33c7b7e0c9a600fe090cb6e7c83d4cabe6884123b35d56f2215f9c0584342f69c203240348c59598ac93219981b
SSDEEP

196608:jX1le9xg0SNcJmkVZ79fz7nuTGoGoUNoah5GXIE4ue0:ZlExg0SYnVnPn3ZVoaw2ue0

Score

10^/10

raccoon b1d25908f798e26e39c747ffa6f02401 discovery stealer

Malware Config

Extracted

Family

raccoon

Botnet

b1d25908f798e26e39c747ffa6f02401

C2

http://45.142.215.197

http://94.131.97.33/

Attributes

user_agent
TakeMyPainBack

xor.plain

Targets

- Target
  
  Passwords_123_Full_Setup/Setup.exe
- Size
  
  341.7MB
- MD5
  
  40cf027152631495fe8a12ac8b109579
- SHA1
  
  7f8a9d8fef38b83e8168fc5deecc15215e64d273
- SHA256
  
  46e4385c696d08ba1fc847ca717c62fe0e7b03659cc40b4afae16519dbd14a93
- SHA512
  
  2e27792ecd8351429d2a19d634e3b46d2158fae885f7dc1930b953f86f65d571acf7711774366102625cea95ce136ced8d089af74945369f51a1d6d67347b9e1
- SSDEEP
  
  196608:y/IRxRWrNvpwgw1xXlXFS0yveAFFgkoS:RwNSvlVhVQgk
Score

10^/10

raccoon b1d25908f798e26e39c747ffa6f02401 discovery stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon family
  raccoon
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoonb1d25908f798e26e39c747ffa6f02401discoverystealer

behavioral2

raccoonb1d25908f798e26e39c747ffa6f02401discoverystealer