General
-
Target
704e226300feb57688dd71bed9fbd727ff42a0a71ced0.exe
-
Size
576KB
-
Sample
210531-dwl1lrnczx
-
MD5
1330bcc00782ad7beb3ceb7f98a8bebe
-
SHA1
99c39f54a04389a01bba332341035297b2c1caa1
-
SHA256
704e226300feb57688dd71bed9fbd727ff42a0a71ced02fbd428da4e993b7987
-
SHA512
c5a50f718b7bf7442011ac5a526310d28ce789a2f7765cb1962c4ab7941c4888d3177747eca4361360b806c53c761c3105726b6344dcbd60b61bab5b45929589
Malware Config
Extracted
raccoon
a5cce470ad0d57aff9fa94b5ee2c0c1fc2d802af
-
url4cnc
https://tttttt.me/baudemars
Targets
-
-
Target
704e226300feb57688dd71bed9fbd727ff42a0a71ced0.exe
-
Size
576KB
-
MD5
1330bcc00782ad7beb3ceb7f98a8bebe
-
SHA1
99c39f54a04389a01bba332341035297b2c1caa1
-
SHA256
704e226300feb57688dd71bed9fbd727ff42a0a71ced02fbd428da4e993b7987
-
SHA512
c5a50f718b7bf7442011ac5a526310d28ce789a2f7765cb1962c4ab7941c4888d3177747eca4361360b806c53c761c3105726b6344dcbd60b61bab5b45929589
Score10/10-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-