raccoon | 246fe8f669f674ed1170cbba901fa5609c693b09e4e60bebd54ba07f5a80d035 | Triage

Submit
Reports

Overview

overview

Static

static

1cbb1d0d8f...18.exe

windows7-x64

1cbb1d0d8f...18.exe

windows10-2004-x64

Sharing

General

Target

1cbb1d0d8f45beadd900c675d2f0e50d_JaffaCakes118
Size

1.6MB
Sample

240506-qvdq7sdb2z
MD5

1cbb1d0d8f45beadd900c675d2f0e50d
SHA1

d3d999f198e8b009674c9db2e14de493ef9c61d9
SHA256

246fe8f669f674ed1170cbba901fa5609c693b09e4e60bebd54ba07f5a80d035
SHA512

58f0e6b7684d9d6e41dbce5a4bf30e58119bb63cfb3a2636e4aa8161551313aceb16c38f700407ad6e7b090e6dd693bb2b344fe1f6414a8a74275308fb736329
SSDEEP

24576:u4rL+iTBObcQo/8jfFJsJipr2IvskGhPUqf6uCrh9pS9v+Ck7Ow+EVIq8KOd:zLDTylbTq2skS8gRQzmm9qNEG

Score

10^/10

raccoon zgrat ca50de89aeb57a98ef3c6469ed2d76b33aee5eec rat stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1cbb1d0d8f45beadd900c675d2f0e50d_JaffaCakes118.exe

Resource

win7-20240221-en

raccoon zgrat ca50de89aeb57a98ef3c6469ed2d76b33aee5eec rat stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1cbb1d0d8f45beadd900c675d2f0e50d_JaffaCakes118.exe

Resource

win10v2004-20240419-en

raccoon zgrat ca50de89aeb57a98ef3c6469ed2d76b33aee5eec rat stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

ca50de89aeb57a98ef3c6469ed2d76b33aee5eec

Attributes

url4cnc
https://telete.in/jrubixred

rc4.plain

rc4.plain

Targets

- Target
  
  1cbb1d0d8f45beadd900c675d2f0e50d_JaffaCakes118
- Size
  
  1.6MB
- MD5
  
  1cbb1d0d8f45beadd900c675d2f0e50d
- SHA1
  
  d3d999f198e8b009674c9db2e14de493ef9c61d9
- SHA256
  
  246fe8f669f674ed1170cbba901fa5609c693b09e4e60bebd54ba07f5a80d035
- SHA512
  
  58f0e6b7684d9d6e41dbce5a4bf30e58119bb63cfb3a2636e4aa8161551313aceb16c38f700407ad6e7b090e6dd693bb2b344fe1f6414a8a74275308fb736329
- SSDEEP
  
  24576:u4rL+iTBObcQo/8jfFJsJipr2IvskGhPUqf6uCrh9pS9v+Ck7Ow+EVIq8KOd:zLDTylbTq2skS8gRQzmm9qNEG
Score

10^/10

raccoon zgrat ca50de89aeb57a98ef3c6469ed2d76b33aee5eec rat stealer
- Detect ZGRat V1
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

raccoonzgratca50de89aeb57a98ef3c6469ed2d76b33aee5eecratstealer

behavioral2

raccoonzgratca50de89aeb57a98ef3c6469ed2d76b33aee5eecratstealer

© 2018-2024

Terms | Privacy