General
-
Target
bb6ae48f105dfe88267b2c1f60029eb8.exe
-
Size
444KB
-
Sample
210323-eh4jmymd9x
-
MD5
bb6ae48f105dfe88267b2c1f60029eb8
-
SHA1
ad3ea1723b812080b6e8ee7ff4776dc5f6d84bd9
-
SHA256
a9d0121ba9783e14f8ac72cce2cbce7e330d0b7f29e5311f497b86d286f2d5d1
-
SHA512
6a1717cde399237dccecf4df44a8074eb3ba9d636a47734be48cdc49b00af736947943bfacc037642b60eba58c0c435da91b0b5e89df8467014083bbff3fbef7
Malware Config
Extracted
raccoon
2ce901d964b370c5ccda7e4d68354ba040db8218
-
url4cnc
https://telete.in/tomarsjsmith3
Targets
-
-
Target
bb6ae48f105dfe88267b2c1f60029eb8.exe
-
Size
444KB
-
MD5
bb6ae48f105dfe88267b2c1f60029eb8
-
SHA1
ad3ea1723b812080b6e8ee7ff4776dc5f6d84bd9
-
SHA256
a9d0121ba9783e14f8ac72cce2cbce7e330d0b7f29e5311f497b86d286f2d5d1
-
SHA512
6a1717cde399237dccecf4df44a8074eb3ba9d636a47734be48cdc49b00af736947943bfacc037642b60eba58c0c435da91b0b5e89df8467014083bbff3fbef7
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-