General
-
Target
updatechannel4.exe
-
Size
13KB
-
Sample
210405-7mtzl3wsfn
-
MD5
8e9df5d267e02aee6e6e2427fa2e2454
-
SHA1
b125acffe65fdb28960f5bac489e899b910659f5
-
SHA256
937d2620a998f635ee40359f9a401a6c1c3c22600a6e78c8f8a760ea67d16553
-
SHA512
a72336565a6a48cfbad2ceb12fad89889e1f3e9e06a5ba5cb5a0c79abd960f48c2c81806a82c909cd6cda94cc6326ce0e5747e530fb4ab63a7827f9160a83a72
Malware Config
Extracted
raccoon
3d7990f080e9dcb56104447e3789dec4380efc8b
-
url4cnc
https://telete.in/jvadikkamushkin
Targets
-
-
Target
updatechannel4.exe
-
Size
13KB
-
MD5
8e9df5d267e02aee6e6e2427fa2e2454
-
SHA1
b125acffe65fdb28960f5bac489e899b910659f5
-
SHA256
937d2620a998f635ee40359f9a401a6c1c3c22600a6e78c8f8a760ea67d16553
-
SHA512
a72336565a6a48cfbad2ceb12fad89889e1f3e9e06a5ba5cb5a0c79abd960f48c2c81806a82c909cd6cda94cc6326ce0e5747e530fb4ab63a7827f9160a83a72
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-