Extracted

Extracted

• • Target

    Bankcopy_307144_2020-04-15_DE_E-INVOICE_20-613129926-12.hta

  • Size

    10KB

  • MD5

    09e4c471fc24da25b0ef0dd07bc0942f

  • SHA1

    3af39c106bb82a0c1abae7dfc33e2f0cb37b60d6

  • SHA256

    f80ee9bd806bacbf7994f8a2c6996de33979b12f46923cfa3e3e8e534738aee4

  • SHA512

    79f689cfc92d2260fcb62b8e87ba0acb6a4a688463ddbea7f405954512190c9e24d4985006232e6fcd93d0bba9f7b74fee1a77f50075dd597f6b6a1cea4490cd

  Score

  10^/10

  discoveryspywarestealerraccoonevasiontrojan

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon

  • Blacklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spyware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Checks for installed software on the system

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Modifies system certificate store

    evasionspywaretrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2