raccoon | 8e81cb2b4fa3e524879ddb5a73e571c79107cce37e727abfd16188e87cc357cb | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...cb.exe

windows7-x64

1

JaffaCakes...cb.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_8e81cb2b4fa3e524879ddb5a73e571c79107cce37e727abfd16188e87cc357cb
Size

726.7MB
Sample

241225-1rh7mazjgk
MD5

ac29cbf9313e3b6bb489bc9f50eb108e
SHA1

d1ff2c6fe68acfce78ad1bbc2142f6220c93d781
SHA256

8e81cb2b4fa3e524879ddb5a73e571c79107cce37e727abfd16188e87cc357cb
SHA512

d51d351d1ac4a1232718a97faad1205370bd8777f62cc0fab1da468b920bfe868fe7219684453beb884b8151f44b51cfaa80872d19c96f4594350f4b86fc447e
SSDEEP

196608:h1Vqf+JZwA8csCao3+r2gq1j6Ii0hGv6JkU5ZQwjVLQM3x:LB8c3aoaM+Ii2GvsnB

Score

10^/10

raccoon 8c3e4aa007fb2f2defacc1f952806f72 discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_8e81cb2b4fa3e524879ddb5a73e571c79107cce37e727abfd16188e87cc357cb.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_8e81cb2b4fa3e524879ddb5a73e571c79107cce37e727abfd16188e87cc357cb.exe

Resource

win10v2004-20241007-en

raccoon 8c3e4aa007fb2f2defacc1f952806f72 discovery stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

8c3e4aa007fb2f2defacc1f952806f72

C2

http://170.75.173.138/

http://85.192.63.243/

Attributes

user_agent
23591

xor.plain

Targets

- Target
  
  JaffaCakes118_8e81cb2b4fa3e524879ddb5a73e571c79107cce37e727abfd16188e87cc357cb
- Size
  
  726.7MB
- MD5
  
  ac29cbf9313e3b6bb489bc9f50eb108e
- SHA1
  
  d1ff2c6fe68acfce78ad1bbc2142f6220c93d781
- SHA256
  
  8e81cb2b4fa3e524879ddb5a73e571c79107cce37e727abfd16188e87cc357cb
- SHA512
  
  d51d351d1ac4a1232718a97faad1205370bd8777f62cc0fab1da468b920bfe868fe7219684453beb884b8151f44b51cfaa80872d19c96f4594350f4b86fc447e
- SSDEEP
  
  196608:h1Vqf+JZwA8csCao3+r2gq1j6Ii0hGv6JkU5ZQwjVLQM3x:LB8c3aoaM+Ii2GvsnB
Score

10^/10

raccoon 8c3e4aa007fb2f2defacc1f952806f72 discovery stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
- Raccoon family
  raccoon
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

raccoon8c3e4aa007fb2f2defacc1f952806f72discoverystealer

© 2018-2024

Terms | Privacy