General
-
Target
34c86d1d51efbc6b487204a734376fe8d99a546c755c95c3cf79d7a678df09ae
-
Size
780KB
-
Sample
200831-yljyl78vks
-
MD5
7bfa183848dff9072386834d83d69db8
-
SHA1
e194b3b6e4be2fc445555f60e1c5efd972bd9aec
-
SHA256
34c86d1d51efbc6b487204a734376fe8d99a546c755c95c3cf79d7a678df09ae
-
SHA512
a2a6cc8f672c18d1a9082508a6d86f35e9950dfd00eaa36bdf89ad4264615079532b1b0957c6ee8d8535c39a56cf0933c7247f7693b075600024777e04ed04a0
Malware Config
Extracted
C:\Users\Admin\AppData\LocalLow\machineinfo.txt
raccoon
Targets
-
-
Target
34c86d1d51efbc6b487204a734376fe8d99a546c755c95c3cf79d7a678df09ae
-
Size
780KB
-
MD5
7bfa183848dff9072386834d83d69db8
-
SHA1
e194b3b6e4be2fc445555f60e1c5efd972bd9aec
-
SHA256
34c86d1d51efbc6b487204a734376fe8d99a546c755c95c3cf79d7a678df09ae
-
SHA512
a2a6cc8f672c18d1a9082508a6d86f35e9950dfd00eaa36bdf89ad4264615079532b1b0957c6ee8d8535c39a56cf0933c7247f7693b075600024777e04ed04a0
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Raccoon log file
Detects a log file produced by the Raccoon Stealer.
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
JavaScript code in executable
-
Suspicious use of SetThreadContext
-