General
-
Target
filename.exe
-
Size
535KB
-
Sample
210418-yqcpp993qa
-
MD5
fa55c745af8396e97e1b25a0be2f40d5
-
SHA1
0d12f2342329a0c36e015d945d510a18db05901c
-
SHA256
5a72b632fb10f52b61d8a39d1b27b238174130632b328b152648ea45e344339d
-
SHA512
41f5fc8a13cb49fdc59df8837677b5ce8e2a77f6a158ed4f8f3b38206ad9319247b4adba99b055e7b9e79bf6343fa4c6f59e7069c592973df7a3623bee2cc4eb
Malware Config
Extracted
raccoon
fe080c9bfcbe54ed632d9562ae158e815dbdc717
-
url4cnc
https://telete.in/jdiamond13
Targets
-
-
Target
filename.exe
-
Size
535KB
-
MD5
fa55c745af8396e97e1b25a0be2f40d5
-
SHA1
0d12f2342329a0c36e015d945d510a18db05901c
-
SHA256
5a72b632fb10f52b61d8a39d1b27b238174130632b328b152648ea45e344339d
-
SHA512
41f5fc8a13cb49fdc59df8837677b5ce8e2a77f6a158ed4f8f3b38206ad9319247b4adba99b055e7b9e79bf6343fa4c6f59e7069c592973df7a3623bee2cc4eb
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-