General
-
Target
SecuriteInfo.com.Trojan.GenericKDZ.73123.31244.15546
-
Size
542KB
-
Sample
210223-l6ykryg8mj
-
MD5
e48ba1147b75508b7f58cace584373cb
-
SHA1
b24be163878f851e0b9bc5da8967879d5ff3d846
-
SHA256
3d3112ce7c1a80e0378b15c7084b1b49a9805a5e47a85a97acdd7841d0a9b40b
-
SHA512
5874e76db5ea79bf7128d50f80c6f9c22d79fd78f75b72a2db6131a7daa743f5d60e15f7af6a8767eaceec6dfb84b55a1c8f4bb57688a674aba88035f06b7060
Malware Config
Extracted
raccoon
99fdcb30af520f176f0e14e858c8bb23c13330d9
-
url4cnc
https://tttttt.me/jrrand0mer
Targets
-
-
Target
SecuriteInfo.com.Trojan.GenericKDZ.73123.31244.15546
-
Size
542KB
-
MD5
e48ba1147b75508b7f58cace584373cb
-
SHA1
b24be163878f851e0b9bc5da8967879d5ff3d846
-
SHA256
3d3112ce7c1a80e0378b15c7084b1b49a9805a5e47a85a97acdd7841d0a9b40b
-
SHA512
5874e76db5ea79bf7128d50f80c6f9c22d79fd78f75b72a2db6131a7daa743f5d60e15f7af6a8767eaceec6dfb84b55a1c8f4bb57688a674aba88035f06b7060
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-