General
-
Target
system32.bin
-
Size
465KB
-
Sample
201023-seh5a3qvyx
-
MD5
049ef18418affcd542d9aa545bb07ee3
-
SHA1
994b2b316ed112d81c697294405dcf15f9193deb
-
SHA256
4d056b87049ec7fce672b40190bf8b5f9185395b7313d05bc196a655e7fe0c7a
-
SHA512
ad0b3ab61327d0cc802d3512db80a60be264a52b8f0f750c9d83b4750d1373c59466d399da8650523d6e99723d75e962176ece9f669310f464844c5c2370886c
Malware Config
Extracted
raccoon
- url4cnc
Extracted
raccoon
b240f186dfcd9a0141345e239b4ac51800830ac0
-
url4cnc
https://drive.google.com/uc?export=download&id=19HMmBPaIPyhdlvzB7YPOENIFHwLz8Kkc
Targets
-
-
Target
system32.bin
-
Size
465KB
-
MD5
049ef18418affcd542d9aa545bb07ee3
-
SHA1
994b2b316ed112d81c697294405dcf15f9193deb
-
SHA256
4d056b87049ec7fce672b40190bf8b5f9185395b7313d05bc196a655e7fe0c7a
-
SHA512
ad0b3ab61327d0cc802d3512db80a60be264a52b8f0f750c9d83b4750d1373c59466d399da8650523d6e99723d75e962176ece9f669310f464844c5c2370886c
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Blacklisted process makes network request
-
Drops startup file
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Modifies service
-