Extracted

Extracted

• • Target

    0da5863efb6a991be6b2751f67dd481f.exe

  • Size

    588KB

  • MD5

    0da5863efb6a991be6b2751f67dd481f

  • SHA1

    5396942eead1be7510ca4689c6c70111ab8ca7eb

  • SHA256

    7e4edc8ffe28e350521029d003b74b2d77e74d4423c4ceb14fb4860341c8b95f

  • SHA512

    5fe762a51307b284569e8639346e92ed0a5bac0bb8cd6b0a09b0e570d6bc3c84174ba565a756fe8c2b9f4eff2fa232e16e4505628cd2768b8bdf0210895a0f53

  Score

  10^/10

  ransomwareevasionspywaretrojaninfostealerredlinediscoverystealerraccoon

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon

  • Raccoon log file

    Detects a log file produced by the Raccoon Stealer.

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spyware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Checks for installed software on the system

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Modifies system certificate store

    evasionspywaretrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2