raccoon

General

Target

JaffaCakes118_f4430682aed3f001e33c4f863d244c997e6ab6578140d8919f6dde5bc146ff3a
Size

149KB
Sample

241224-dq98dszraz
MD5

81c063b34f612418fb3fdeb69b78248c
SHA1

cf3c7638a10871d12696247d49734f2d9e7ee30a
SHA256

f4430682aed3f001e33c4f863d244c997e6ab6578140d8919f6dde5bc146ff3a
SHA512

9d348cff12778212d0ec78df944331470378d10b5c2ebc1f1d06ed64e398eebb0acfec2a0a2bb4a8ce6963694dee95daa2780c720bd915f18355682941c42ecb
SSDEEP

3072:AU7cTws4oRYyxVgYLBkXjg5tQP07aC/A6miRLi4eerQDbb1sWy5B1/L8w:Z4TwJWOYacQPzC/AiGherAbbc3

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

63267bc2317b9849c2d512a4e16b0f3b

C2

http://shettester1000.com/

Attributes

user_agent
TakeMyPainBack

xor.plain

1
63267bc2317b9849c2d512a4e16b0f3b

Targets

- Target
  
  90dda549593a7eaee8ce4c868ee1fbbfa7814ef660af560d2cb44650d26ce312
- Size
  
  226KB
- MD5
  
  4382f175e013a9467bbc82148770a623
- SHA1
  
  e2aa29c9dd92e67211bb1df92bfe27d16c428074
- SHA256
  
  90dda549593a7eaee8ce4c868ee1fbbfa7814ef660af560d2cb44650d26ce312
- SHA512
  
  2f3eb4c4c6f0075935f4afc1ae2feb1858d6e0035993071083e6b12b93a4d807cd2b10f7798a948939dec021043ff17c1ea6360015d3fdc375389c370ddfda90
- SSDEEP
  
  6144:nXC/Er0LxFr05caPlAiGVAs0NbpzHuSs:nXpr0NFY5dNAiGVSN9zH
Score

10^/10

raccoon 63267bc2317b9849c2d512a4e16b0f3b discovery stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon family
  raccoon
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Raccoon family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.