General
-
Target
12f0a80b6374b38a3997a7ef4528f26ccbca664b26e48533e7d1f36c78da76f4
-
Size
310KB
-
Sample
210414-t9tgtzd4en
-
MD5
c6c55d4ec62be18675a039e710ab6ae2
-
SHA1
9eed727a54747559df98c24a3f926cf950999587
-
SHA256
12f0a80b6374b38a3997a7ef4528f26ccbca664b26e48533e7d1f36c78da76f4
-
SHA512
6626e7a6f96ff572154bbe6b944ce3d4651bdaf9c9782d34fa7dd60bf339333ac3251c9487ffba3afa59e002dbc538594aa35b68a83e023c42d43583ee15a7e0
Malware Config
Extracted
raccoon
16992cd33145ccbb6feeacb4e84400a56448fa14
-
url4cnc
https://telete.in/baudemars
Targets
-
-
Target
12f0a80b6374b38a3997a7ef4528f26ccbca664b26e48533e7d1f36c78da76f4
-
Size
310KB
-
MD5
c6c55d4ec62be18675a039e710ab6ae2
-
SHA1
9eed727a54747559df98c24a3f926cf950999587
-
SHA256
12f0a80b6374b38a3997a7ef4528f26ccbca664b26e48533e7d1f36c78da76f4
-
SHA512
6626e7a6f96ff572154bbe6b944ce3d4651bdaf9c9782d34fa7dd60bf339333ac3251c9487ffba3afa59e002dbc538594aa35b68a83e023c42d43583ee15a7e0
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-