General
-
Target
1804b212754180e545aa2636f05214a2f7607a41550cb400978c1a500b23d02c
-
Size
496KB
-
Sample
210807-spzmw4vw9a
-
MD5
6f8bec273669a1e6d9726dc17e7d8c21
-
SHA1
816c22b2b5a71d54a59d0047a4356f6d235a62d3
-
SHA256
1804b212754180e545aa2636f05214a2f7607a41550cb400978c1a500b23d02c
-
SHA512
d3b8ca7e538df48be01823d634873c4a4d20d0a59d7b3c95dec199d8420e9f7a4ff5ff4829c6c8f9643f5ae0403ebd95d1e6346e14ecd6989c14fb03066e7f20
Malware Config
Extracted
raccoon
83fbe81dd43f775dd8af3cd619f88f428fbd9a96
-
url4cnc
https://telete.in/opa4kiprivatem
Targets
-
-
Target
1804b212754180e545aa2636f05214a2f7607a41550cb400978c1a500b23d02c
-
Size
496KB
-
MD5
6f8bec273669a1e6d9726dc17e7d8c21
-
SHA1
816c22b2b5a71d54a59d0047a4356f6d235a62d3
-
SHA256
1804b212754180e545aa2636f05214a2f7607a41550cb400978c1a500b23d02c
-
SHA512
d3b8ca7e538df48be01823d634873c4a4d20d0a59d7b3c95dec199d8420e9f7a4ff5ff4829c6c8f9643f5ae0403ebd95d1e6346e14ecd6989c14fb03066e7f20
Score10/10-
Detected phishing page
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
Raccoon Stealer Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-