Extracted

Extracted

Extracted

Extracted

• • Target

    3Z8QHEBk.tmp.exe

  • Size

    137KB

  • MD5

    0d969fd596743d82839ac89189f47a2b

  • SHA1

    2adb5aba20d3af1b9c78856555a08015b0f7df25

  • SHA256

    a3c625b0c6de6b9885470ce4e5f55e08e64c82c668cdc1df8d1a81d751f401be

  • SHA512

    ac2f7d71e8c547b6c8c12fc00ea9ef27a76daf59fdfe5b42cc32f42cebc85a689e04da239489a59c746300f89e1977f935ae94bd2a0047c27f428832a070068c

  Score

  10^/10

  ransomwarepersistencetrojanbackdoorsmokeloaderdiscoverystealerraccoonbotnetzloaderspyware

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon

  • Raccoon log file

    Detects a log file produced by the Raccoon Stealer.

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader

  • Blacklisted process makes network request

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spyware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • JavaScript code in executable

  • Modifies service

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2