Extracted

Extracted

Extracted

Extracted

• • Target

    4km8TqjC.tmp.exe

  • Size

    189KB

  • MD5

    2888f57e020661ec120a6ad3d7299a48

  • SHA1

    97e5a7863375fb937603cc4631ffe4c1cb0a49ef

  • SHA256

    a8cbc1707cbf767b2923fd7d77a8ab5b7d7be65af2439afabb41e8715f31c092

  • SHA512

    7f8ea966a9b29530c5ec997aebc0583d52c9653f775b60c271452ad6890e58e3a51c77c4b866babdb85372b0994bb2e5a68fabd0fcc4a1a4655c2e9522a93703

  Score

  10^/10

  ransomwarespywarediscoverytrojanbotnetzloaderstealerraccoonbackdoorsmokeloaderpersistence

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon

  • Raccoon log file

    Detects a log file produced by the Raccoon Stealer.

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader

  • Blacklisted process makes network request

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spyware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • JavaScript code in executable

  • Suspicious use of SetThreadContext

  behavioral1behavioral2