General
- Target: 0baccbb3c9954f8e20d00fcc7b9c8197
- Size: 461KB
- Sample: 210806-2zx7vn7t96
- MD5: 0baccbb3c9954f8e20d00fcc7b9c8197
- SHA1: fda8dcb393ee1ab90e788dfe4b3813d7bf04c2e5
- SHA256: 11a5764ca8d515eb745b67a1d693fa3747873f80855cefd5eb7bf890cf0a7a8a
- SHA512: f0ee280452c2171702ade1ac7e30b298a95f2d3b4a230cb3fd309e0bf042fb575861a8eddee89ddd42d86b860a12f10bf3869e58a2e02bf4e5f3dd7c070f76de
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 0baccbb3c9954f8e20d00fcc7b9c8197.exe
  - Resource: win7v20210410
Behavioral task
- behavioral2
  - Sample: 0baccbb3c9954f8e20d00fcc7b9c8197.exe
  - Resource: win10v20210408
Malware Config
Extracted
- raccoon
- 2ca2376c561d1af7f8b9e6f3256b06220a3db187
- url4cnc: https://telete.in/johnyes13
Targets
- Target: 0baccbb3c9954f8e20d00fcc7b9c8197
- Size: 461KB
- MD5: 0baccbb3c9954f8e20d00fcc7b9c8197
- SHA1: fda8dcb393ee1ab90e788dfe4b3813d7bf04c2e5
- SHA256: 11a5764ca8d515eb745b67a1d693fa3747873f80855cefd5eb7bf890cf0a7a8a
- SHA512: f0ee280452c2171702ade1ac7e30b298a95f2d3b4a230cb3fd309e0bf042fb575861a8eddee89ddd42d86b860a12f10bf3869e58a2e02bf4e5f3dd7c070f76de
- Raccoon Stealer Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext