General
-
Target
728ec66caf570eac6f1caebd5b1457191187d51361b8876252f503f52264ce30-20210416-100709
-
Size
645KB
-
Sample
210416-s727nppjme
-
MD5
6a2550e86f408c1e1d4229dc52ec2e02
-
SHA1
365f07f3ad6bac2e6c3152f34184c9966ce11501
-
SHA256
728ec66caf570eac6f1caebd5b1457191187d51361b8876252f503f52264ce30
-
SHA512
10e06d54c20dd9518e8e41b20682ac9cffe0f8e311759ec4c2585bca8739341c75bcd39aac055632ad9a35dad1ddcc844facabcb13f6481965abae469ce84dc4
Malware Config
Extracted
raccoon
- url4cnc
Extracted
raccoon
7df4595c6f8a5e577f4f77df7dc9ae6873994581
-
url4cnc
https://telete.in/capibar
Targets
-
-
Target
728ec66caf570eac6f1caebd5b1457191187d51361b8876252f503f52264ce30-20210416-100709
-
Size
645KB
-
MD5
6a2550e86f408c1e1d4229dc52ec2e02
-
SHA1
365f07f3ad6bac2e6c3152f34184c9966ce11501
-
SHA256
728ec66caf570eac6f1caebd5b1457191187d51361b8876252f503f52264ce30
-
SHA512
10e06d54c20dd9518e8e41b20682ac9cffe0f8e311759ec4c2585bca8739341c75bcd39aac055632ad9a35dad1ddcc844facabcb13f6481965abae469ce84dc4
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-