General
-
Target
ccdbc10be704be2da8fb00b81f8f86f0db195e06a133c24322c22316aa4c3bb1
-
Size
477KB
-
Sample
210807-6sqs3wz9g2
-
MD5
0cb06e41082db0449711cb9965441919
-
SHA1
f48791e70734374b9c42e9279ff5f3e77d1f1717
-
SHA256
ccdbc10be704be2da8fb00b81f8f86f0db195e06a133c24322c22316aa4c3bb1
-
SHA512
c2f6d29329e899ef5b8df72b9917d13d6e67dd0485b9a9db61c0314fbf28b5adfbaaf0982a4d1d416d714cbb4834b297cb083089ad463b43151447b7218c4d3b
Malware Config
Extracted
raccoon
83fbe81dd43f775dd8af3cd619f88f428fbd9a96
-
url4cnc
https://telete.in/opa4kiprivatem
Targets
-
-
Target
ccdbc10be704be2da8fb00b81f8f86f0db195e06a133c24322c22316aa4c3bb1
-
Size
477KB
-
MD5
0cb06e41082db0449711cb9965441919
-
SHA1
f48791e70734374b9c42e9279ff5f3e77d1f1717
-
SHA256
ccdbc10be704be2da8fb00b81f8f86f0db195e06a133c24322c22316aa4c3bb1
-
SHA512
c2f6d29329e899ef5b8df72b9917d13d6e67dd0485b9a9db61c0314fbf28b5adfbaaf0982a4d1d416d714cbb4834b297cb083089ad463b43151447b7218c4d3b
Score10/10-
Detected phishing page
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Raccoon Stealer Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-