General
-
Target
http://raymondjaon.ug/rac2.exe
-
Sample
200702-9hkcamm6ge
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\AppData\LocalLow\machineinfo.txt
Family
raccoon
Ransom Note
[Raccoon Stealer] - v1.5.13-af-hotfix Release
Build compiled on Tue Jun 23 14:23:14 2020
Launched at: 2020.07.02 - 15:54:19 GMT
Bot_ID: 664A9041-4AC4-46F3-B3DC-87DB4D57890E_Admin
Running on a desktop
=R=A=C=C=O=O=N=
System Information:
- System Language: English
- System TimeZone: -0 hrs
- IP: 154.61.71.51
- Location: 37.750999, -97.821999 | ?, ?, United States (?)
- ComputerName: GOHCSFBB
- Username: Admin
- Windows version: NT 10.0
- Product name: Windows 10 Pro
- System arch: x64
- CPU: Persocon Processor 2.5+ (2 cores)
- RAM: 4095 MB (696 MB used)
- Screen resolution: 1280x720
- Display devices:
0) Microsoft Basic Display Adapter
============
Targets
-
-
Target
http://raymondjaon.ug/rac2.exe
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Raccoon log file
Detects a log file produced by the Raccoon Stealer.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks for installed software on the system
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-