General
-
Target
SecuriteInfo.com.Trojan.GenericKD.46113648.15223.2651
-
Size
1.1MB
-
Sample
210421-n58bxdswzj
-
MD5
8b2e4d58d048020e58093528059f0cd4
-
SHA1
d3338e7f1607a32b7f4fe25055ad975a830157ac
-
SHA256
c082ed88815d66ea1bf11f905d15a39faa502d4b458a15cf31d5cd5e7bc7156e
-
SHA512
0a28829da290734f33ee9678908fd4e0dad963001d06ea8bc315db45ab7c4bfef72f0a9967d5eeed69dcc00f75f4e193c578ee3eded67c746c6014a3beafb41b
Malware Config
Extracted
raccoon
ff6a6d1e906b1f4b9e9440de61b268a94c35bbac
-
url4cnc
https://tttttt.me/j99optiktok
Targets
-
-
Target
SecuriteInfo.com.Trojan.GenericKD.46113648.15223.2651
-
Size
1.1MB
-
MD5
8b2e4d58d048020e58093528059f0cd4
-
SHA1
d3338e7f1607a32b7f4fe25055ad975a830157ac
-
SHA256
c082ed88815d66ea1bf11f905d15a39faa502d4b458a15cf31d5cd5e7bc7156e
-
SHA512
0a28829da290734f33ee9678908fd4e0dad963001d06ea8bc315db45ab7c4bfef72f0a9967d5eeed69dcc00f75f4e193c578ee3eded67c746c6014a3beafb41b
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-